The VK Block Patterns plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.31.1.1. This is due to missing or incorrect nonce validation on the vbp_clear_patterns_cache() function. This makes it possible for unauthenticated attackers to clear the patterns cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-01-20T05:37:45.759Z

Updated: 2024-08-01T18:11:35.675Z

Reserved: 2024-01-16T19:09:43.922Z

Link: CVE-2024-0623

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2024-01-20T06:15:44.400

Modified: 2024-11-21T08:47:01.423

Link: CVE-2024-0623

cve-icon Redhat

No data.