CVE-2024-13635

Published: Mar 7, 2025Modified: Mar 7, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: security@wordfence.com (Secondary)

Description

The VK Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.94.2.2 via the page content block. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the content of private posts and pages.

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

https://plugins.trac.wordpress.org/browser/vk-blocks/trunk/inc/vk-blocks/build/blocks/page-content/index.php

Source: security@wordfence.com

https://plugins.trac.wordpress.org/changeset/3233455/vk-blocks/trunk/inc/vk-blocks/build/blocks/page-content/index.php

Source: security@wordfence.com

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3233455%40vk-blocks%2Ftrunk&old=3227170%40vk-blocks%2Ftrunk&sfp_email=&sfph_mail=

Source: security@wordfence.com

https://www.wordfence.com/threat-intel/vulnerabilities/id/cc03b3f4-2edb-463b-812b-6a187a7a893c?source=cve

Source: security@wordfence.com

Timeline

No history available yet.