CVSS3
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | REQUIRED |
Scope | CHANGED |
Confidentiality Impact | LOW |
Integrity Impact | LOW |
Availability Impact | NONE |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
EPSS Percentile: 44.5%
The WordPress plugins “VK Blocks” and “VK All in One Expansion Unit” provided by Vektor, Inc. contain multiple cross-site scripting vulnerabilities (CWE-79), listed below.
Cross-site scripting vulnerability in Tag edit function - CVE-2023-27923
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | Base Score: 5.4 |
CVSS v2 | AV:N/AC:M/Au:S/C:N/I:P/A:N | Base Score: 3.5 |
Cross-site scripting vulnerability in Post function - CVE-2023-27925
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | Base Score: 5.4 |
CVSS v2 | AV:N/AC:L/Au:S/C:N/I:P/A:N | Base Score: 4.0 |
Cross-site scripting vulnerability in Profile setting function - CVE-2023-27926
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | Base Score: 5.4 |
CVSS v2 | AV:N/AC:L/Au:S/C:N/I:P/A:N | Base Score: 4.0 |
Cross-site scripting vulnerability in CTA post function - CVE-2023-28367
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | Base Score: 5.4 |
CVSS v2 | AV:N/AC:M/Au:S/C:N/I:P/A:N | Base Score: 3.5 |
Update the plugin
Update the plugin according to the information provided by the developer.
The developer has released the following versions that address these vulnerabilities.
CVE-2023-27923, CVE-2023-27925
VK Blocks 1.53.0.1 and earlier
VK Blocks Pro 1.53.0.1 and earlier
CVE-2023-27926, CVE-2023-28367
VK All in One Expansion Unit 9.88.1.0 and earlier