cleantalk
Vulnerabilities and Security Researches

VK Blocks, CVE-2023-5706

CVE, Research URL

CVE-2023-5706

Home page URL

Security reports for VK Blocks

Application

VK Blocks

Published on
Nov 22, 2023
Research Description
The VK Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk-blocks/ancestor-page-list' block in all versions up to, and including, 1.63.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.64.0.0.
Status
vulnerable
Previous vulnerability researches
VK Blocks (CVE-2023-27923) , Jun 07, 2024
VK Blocks (CVE-2023-27925) , Jun 07, 2024
VK Blocks (CVE-2023-0583) , Jun 07, 2024
VK Blocks (CVE-2023-5706) , Jun 07, 2024
VK Blocks (CVE-2023-0584) , Jun 07, 2024
New vulnerability
Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form (CVE-2026-25418) , Feb 28, 2026
Image Photo Gallery Final Tiles Grid (CVE-2026-25375) , Feb 28, 2026
Share This Image (CVE-2026-25010) , Feb 28, 2026
Bold Page Builder (CVE-2026-25451) , Feb 28, 2026
Bold Page Builder (CVE-2025-13463) , Feb 28, 2026