CVE-2023-5706

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-5706

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-5706.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-5706

Published

2023-11-22T15:33:18.579Z

Modified

2026-05-28T04:09:21.427666106Z

Severity

6.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVSS Calculator

Summary

VK Blocks <= 1.63.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block

Details

The VK Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk-blocks/ancestor-page-list' block in all versions up to, and including, 1.63.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Database specific

{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "last_affected": "1.63.0.1"
                }
            ]
        }
    ],
    "cna_assigner": "Wordfence",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/5xxx/CVE-2023-5706.json",
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

Git / github.com/vektor-inc/vk-blocks

Affected ranges

Type

GIT

Repo

https://github.com/vektor-inc/vk-blocks

Events

Introduced

Last affected

4e30a8380b620642f7a222412bec852a4cfc982c

Database specific

{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:vektor-inc:vk_blocks:*:*:*:*:-:wordpress:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.63.0.1"
        }
    ]
}

Affected versions

0.*

0.17.2

0.17.3

0.17.4

0.17.6

0.22.0

0.22.4

0.26.2

0.26.3

0.26.4

0.26.5

0.31.0

0.35.1

0.35.2

0.35.3

0.35.4

0.35.5

0.37.0

0.37.2

0.37.3

0.37.4

0.37.5

0.38.1

0.38.2

0.38.5

0.38.6

0.38.7

0.38.8

0.39.4

0.41.0

0.42.0

0.5.1

0.6.0

1.*

1.0.0

1.0.10

1.0.11

1.0.12

1.0.13

1.0.14

1.0.15

1.0.16

1.0.7

1.0.9

1.10.0

1.11.0

1.11.1

1.11.2

1.11.3

1.11.4

1.12.0

1.13.0

1.13.1

1.13.2

1.14.0

1.14.1

1.15.0

1.15.1

1.16.0

1.16.1

1.16.10

1.16.11

1.16.2

1.16.3

1.16.4

1.16.5

1.16.6

1.16.7

1.16.8

1.16.9

1.17.0

1.18.0

1.18.1

1.18.2

1.18.3

1.18.4

1.18.5

1.18.6

1.19.0

1.19.1

1.2.0

1.2.1

1.2.2

1.2.3

1.20.3

1.20.4

1.20.5

1.20.6

1.20.7

1.21.0

1.22.0

1.22.1

1.22.2

1.22.3

1.22.4

1.23.0

1.24.1

1.24.2

1.24.3

1.24.4

1.24.5

1.25.0

1.25.1

1.26.0

1.26.1

1.26.2

1.27.0

1.27.1

1.27.3

1.27.4

1.27.5

1.27.6.0

1.27.6.1

1.27.7.0

1.27.7.1

1.27.7.2

1.28.0.0

1.28.0.1

1.29.0.0

1.29.0.1

1.29.1.0

1.29.2.0

1.3.1

1.3.2

1.3.4

1.3.5

1.3.6

1.3.7

1.3.8

1.3.9

1.30.0.0

1.30.0.1

1.31.0.0

1.31.0.1

1.32.0.1

1.32.0.2

1.33.2.0

1.33.2.1

1.36.0.0

1.36.0.1

1.36.1.4

1.36.1.5

1.37.0.0

1.39.1.0

1.39.1.1

1.39.1.2

1.39.2.0

1.39.2.1

1.4.0

1.4.1

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.40.0.0

1.40.0.1

1.40.1.0

1.40.1.1

1.41.0.0

1.41.0.1

1.41.2.2

1.41.2.3

1.43.0.0

1.43.0.1

1.43.0.2

1.44.0.0

1.44.0.1

1.45.0.0

1.45.0.1

1.46.0.0

1.46.0.1

1.47.0.0

1.47.0.1

1.47.1.0

1.48.0.0

1.48.0.1

1.48.0.2

1.48.1.0

1.48.1.1

1.5.0

1.50.0.0

1.50.0.1

1.51.0.0

1.51.0.1

1.52.0.0

1.52.0.1

1.53.0.0

1.53.0.1

1.54.0.0

1.54.0.1

1.55.0.0

1.55.0.1

1.56.0.0

1.56.0.1

1.57.0.0

1.57.0.1

1.57.0.3

1.57.0.4

1.57.0.5

1.57.1.0

1.57.1.1

1.57.1.2

1.58.0.0

1.58.0.1

1.59.0.0

1.59.0.1

1.6.0

1.60.0.0

1.60.0.1

1.63.0.0

1.63.0.1

1.7.0

1.7.1

1.8.0

1.8.1

1.8.2

1.9.0

1.9.1

1.9.2

pre_1.*

pre_1.27.6.0

pre_1.27.8.0

pre_1.27.9.0

pre_1.28.0.0

pre_1.29.0.0

pre_1.29.1.0

pre_1.29.2.0

pre_1.30.0.0

pre_1.32.0.0

pre_1.32.0.1

pre_1.33.0.0

pre_1.33.1.0

pre_1.33.2.0

pre_1.34.0.0

pre_1.34.1.0

pre_1.35.0.0

pre_1.36.0.0

pre_1.36.1.0

pre_1.36.1.4

pre_1.36.2.0

pre_1.37.0.0

pre_1.38.0.0

pre_1.38.0.1

pre_1.39.0.0

pre_1.39.1.0

pre_1.39.2.0

pre_1.40.0.0

pre_1.40.1.0

pre_1.41.0.0

pre_1.41.1.0

pre_1.41.2.1

pre_1.41.2.2

pre_1.42.0.0

pre_1.42.1.0

pre_1.43.0.0

pre_1.44.0.0

pre_1.45.0.0

pre_1.46.0.0

pre_1.46.0.10

pre_1.47.0.0

pre_1.47.1.0

pre_1.48.0.0

pre_1.48.0.1

pre_1.48.1.0

pre_1.49.0.0

pre_1.50.0.0

pre_1.50.1.0

pre_1.51.0.0

pre_1.52.0.0

pre_1.53.0.0

pre_1.54.0.0

pre_1.55.0.0

pre_1.56.0.0

pre_1.57.0.0

pre_1.57.1.0

pre_1.58.0.0

pre_1.58.1.0

pre_1.59.0.0

pre_1.60.0.0

pre_1.61.2.0

pre_1.63.0.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-5706.json"