CVE-2024-0623

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Jan 20, 2024

Updated: Jan 26, 2024

CWE ID 352

Summary

CVE-2024-0623 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the VK Block Patterns plugin for WordPress. Versions up to 1.31.1.1 are susceptible to this issue. The root cause is a lack of proper nonce validation in the vbp_clear_patterns_cache() function. Consequently, unauthenticated attackers can manipulate site administrators into executing malicious requests, enabling them to clear the patterns cache. This vulnerability poses a significant risk, as it can lead to unintended modifications or loss of data.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

VektorInc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uKyGse
https://www.cve.org/CVERecord?id=CVE-2024-0623
https://nvd.nist.gov/vuln/detail/CVE-2024-0623

Back to Vulnerability Database

CVE-2024-0623

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations