Question 1

What exactly is the vulnerability in VK Blocks?

Accepted Answer

What exactly is the vulnerability in VK Blocks?

The vulnerability is a stored cross-site scripting (XSS) flaw that exists in VK Blocks versions up to and including 1.63.0.1. It's caused by insufficient sanitization of user input in the 'vk-blocks/ancestor-page-list' block provided by the plugin. This allows authenticated users with contributor access or higher to inject arbitrary JavaScript or HTML code into pages that will execute when other users view those pages. Stored XSS vulnerabilities enable malicious users to potentially steal session data, take over admin accounts, or extract sensitive information from other logged-in users.

Question 2

How can this vulnerability be exploited?

Accepted Answer

How can this vulnerability be exploited?

For the vulnerability to be exploited, an attacker would first need contributor or higher access to the WordPress site. They could then add malicious scripts to pages built with VK Blocks through the vulnerable ancestor page list block. When other authenticated users view those pages, the script would execute and could potentially take over their account, steal cookies or session data, or inject malicious redirects. The attacker could leverage this to fully compromise the WordPress site over time.

Question 3

What versions of VK Blocks are affected?

Accepted Answer

What versions of VK Blocks are affected?

VK Blocks versions up to and including 1.63.0.1 contain this vulnerability. It was addressed by the developers in version 1.64.0.0 through improved input sanitization on the problematic plugin block. All versions up to 1.63.0.1 can be exploited and should be updated urgently.

Question 4

How can I tell if my site was compromised through this vulnerability?

Accepted Answer

How can I tell if my site was compromised through this vulnerability?

If you have an older version of VK Blocks active, check any pages built with the plugin thoroughly, especially ones edited by contributor or admin level users. Look for any unauthorized tags, scripts, or iframes injected into the page content. Also check for any suspicious new admin accounts. If you find anything suspicious, take your site offline and investigate further. You may need to restore from a clean backup if accounts were compromised.

Question 5

I use VK Blocks - what should I do?

Accepted Answer

I use VK Blocks - what should I do?

If you have VK Blocks installed, you should update to version 1.64.0.0 or higher immediately to patch this vulnerability. This will secure any new pages created. You should also thoroughly audit existing pages for any malicious scripts that may have been injected already by an attacker. Removing vulnerable versions of the plugin is crucial to securing your WordPress site.

Question 6

Are other plugins from VK vulnerable?

Accepted Answer

Are other plugins from VK vulnerable?

As of now, there are no reports of other vulnerabilities in other Vektor, Inc. plugins. This appears to be isolated to problematic input sanitization in VK Blocks specifically. Of course, it's always a good idea to keep all plugins updated to the latest versions as a general security practice.

Question 7

Is updating the only solution?

Accepted Answer

Is updating the only solution?

Updating VK Blocks is the recommended remediation since the vulnerability has been patched by the developers. You could also potentially switch to an alternate page builder plugin if you wish to be extra cautious. But the update does address the problem directly. Be sure to check existing pages for unauthorized scripts after updating.

Question 8

How did this vulnerability get discovered?

Accepted Answer

How did this vulnerability get discovered?

The stored XSS vulnerability in VK Blocks was disclosed publicly on October 25, 2023 by a security researcher named Lana Codes. The details were then added to the Wordfence vulnerability database. Many vulnerabilities are discovered by researchers auditing the security of popular plugins. This highlights the importance of responsible disclosure and frequent audits.

Question 9

What is the CVSS score?

Accepted Answer

What is the CVSS score?

The Common Vulnerability Scoring System (CVSS) is used to assess the severity of vulnerabilities. This vulnerability in VK Blocks was assigned a CVSS v3.1 base score of 6.4, meaning it is medium severity. The score reflects the access required (contributor+) and the potential impacts such as data theft and account takeover. While not critical, it still poses a significant risk.

Question 10

How can I prevent similar vulnerabilities in the future?

Accepted Answer

How can I prevent similar vulnerabilities in the future?

Unfortunately vulnerabilities in plugins are quite common. To reduce risk, always keep WordPress, plugins and themes updated to the latest versions. Don't use unsupported or abandoned plugins. Limit user roles and access. Perform frequent security scans of your site for vulnerabilities. Sign up for plugin security notifications. And make regular backups of your site in case you need to restore after an incident. Staying proactive is key for security.

CVE-2023-5706

WordPress Plugin Vulnerability Report – VK Blocks – Authenticated (Contributor+) Stored Cross-Site Scripting via Block – CVE-2023-5706

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy