{"id":"CVE-2023-0583","details":"The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_vk_blocks_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change plugin settings including default icons.","modified":"2026-04-12T06:36:15.195889Z","published":"2023-06-03T02:15:09.050Z","references":[{"type":"WEB","url":"https://plugins.trac.wordpress.org/changeset/2921566/vk-blocks/tags/1.57.1.0/inc/vk-blocks/App/RestAPI/BlockMeta/class-vk-blocks-entrypoint.php"},{"type":"ADVISORY","url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/12a94f5b-bc30-4a65-b397-54488c836ec3?source=cve"},{"type":"FIX","url":"https://plugins.trac.wordpress.org/browser/vk-blocks/trunk/inc/vk-blocks/App/RestAPI/BlockMeta/class-vk-blocks-entrypoint.php"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/vektor-inc/vk-blocks","events":[{"introduced":"0"},{"last_affected":"9dee8ca4956dd40419e75c16e7864f1b2a1091c3"}],"database_specific":{"cpe":"cpe:2.3:a:vektor-inc:vk_blocks:*:*:*:*:*:wordpress:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"1.57.0.5"}]}}],"versions":["0.17.2","0.17.3","0.17.4","0.17.6","0.22.0","0.22.4","0.26.2","0.26.3","0.26.4","0.26.5","0.31.0","0.35.1","0.35.2","0.35.3","0.35.4","0.35.5","0.37.0","0.37.2","0.37.3","0.37.4","0.37.5","0.38.1","0.38.2","0.38.5","0.38.6","0.38.7","0.38.8","0.39.4","0.41.0","0.42.0","0.5.1","0.6.0","1.0.0","1.0.10","1.0.11","1.0.12","1.0.13","1.0.14","1.0.15","1.0.16","1.0.7","1.0.9","1.10.0","1.11.0","1.11.1","1.11.2","1.11.3","1.11.4","1.12.0","1.13.0","1.13.1","1.13.2","1.14.0","1.14.1","1.15.0","1.15.1","1.16.0","1.16.1","1.16.10","1.16.11","1.16.2","1.16.3","1.16.4","1.16.5","1.16.6","1.16.7","1.16.8","1.16.9","1.17.0","1.18.0","1.18.1","1.18.2","1.18.3","1.18.4","1.18.5","1.18.6","1.19.0","1.19.1","1.2.0","1.2.1","1.2.2","1.2.3","1.20.3","1.20.4","1.20.5","1.20.6","1.20.7","1.21.0","1.22.0","1.22.1","1.22.2","1.22.3","1.22.4","1.23.0","1.24.1","1.24.2","1.24.3","1.24.4","1.24.5","1.25.0","1.25.1","1.26.0","1.26.1","1.26.2","1.27.0","1.27.1","1.27.3","1.27.4","1.27.5","1.27.6.0","1.27.6.1","1.27.7.0","1.27.7.1","1.27.7.2","1.28.0.0","1.28.0.1","1.29.0.0","1.29.0.1","1.29.1.0","1.29.2.0","1.3.1","1.3.2","1.3.4","1.3.5","1.3.6","1.3.7","1.3.8","1.3.9","1.30.0.0","1.30.0.1","1.31.0.0","1.31.0.1","1.32.0.1","1.32.0.2","1.33.2.0","1.33.2.1","1.36.0.0","1.36.0.1","1.36.1.4","1.36.1.5","1.37.0.0","1.39.1.0","1.39.1.1","1.39.1.2","1.39.2.0","1.39.2.1","1.4.0","1.4.1","1.4.2","1.4.3","1.4.4","1.4.5","1.4.6","1.40.0.0","1.40.0.1","1.40.1.0","1.40.1.1","1.41.0.0","1.41.0.1","1.41.2.2","1.41.2.3","1.43.0.0","1.43.0.1","1.43.0.2","1.44.0.0","1.44.0.1","1.45.0.0","1.45.0.1","1.46.0.0","1.46.0.1","1.47.0.0","1.47.0.1","1.47.1.0","1.48.0.0","1.48.0.1","1.48.0.2","1.48.1.0","1.48.1.1","1.5.0","1.50.0.0","1.50.0.1","1.51.0.0","1.51.0.1","1.52.0.0","1.52.0.1","1.53.0.0","1.53.0.1","1.54.0.0","1.54.0.1","1.55.0.0","1.55.0.1","1.56.0.0","1.56.0.1","1.57.0.0","1.57.0.1","1.57.0.3","1.57.0.4","1.57.0.5","1.6.0","1.7.0","1.7.1","1.8.0","1.8.1","1.8.2","1.9.0","1.9.1","1.9.2","pre_1.27.6.0","pre_1.27.8.0","pre_1.27.9.0","pre_1.28.0.0","pre_1.29.0.0","pre_1.29.1.0","pre_1.29.2.0","pre_1.30.0.0","pre_1.32.0.0","pre_1.32.0.1","pre_1.33.0.0","pre_1.33.1.0","pre_1.33.2.0","pre_1.34.0.0","pre_1.34.1.0","pre_1.35.0.0","pre_1.36.0.0","pre_1.36.1.0","pre_1.36.1.4","pre_1.36.2.0","pre_1.37.0.0","pre_1.38.0.0","pre_1.38.0.1","pre_1.39.0.0","pre_1.39.1.0","pre_1.39.2.0","pre_1.40.0.0","pre_1.40.1.0","pre_1.41.0.0","pre_1.41.1.0","pre_1.41.2.1","pre_1.41.2.2","pre_1.42.0.0","pre_1.42.1.0","pre_1.43.0.0","pre_1.44.0.0","pre_1.45.0.0","pre_1.46.0.0","pre_1.46.0.10","pre_1.47.0.0","pre_1.47.1.0","pre_1.48.0.0","pre_1.48.0.1","pre_1.48.1.0","pre_1.49.0.0","pre_1.50.0.0","pre_1.50.1.0","pre_1.51.0.0","pre_1.52.0.0","pre_1.53.0.0","pre_1.54.0.0","pre_1.55.0.0","pre_1.56.0.0","pre_1.57.0.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-0583.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}]}