EPSS: 0.001 (Low)
Percentile: 40.6%
The plugin uses improper authorization for the REST API vk-blocks/v1/options/vk_font_awesome_version, allowing users with a role as low as contributor to change the vk_font_awesome_version option to an arbitrary value.
plugins.trac.wordpress.org/browser/vk-blocks/trunk/inc/vk-blocks/font-awesome/class-vk-blocks-font-awesome-api.php
www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/vk-blocks/vk-blocks-15705-authenticatedcontributor-settings-update