Published: 2023/05/09  Last Updated: 2023/05/09

Information from Vektor,Inc.

Vulnerability ID:JVN#95792402
Title:WordPress Plugin "VK Blocks" and "VK All in One Expansion Unit" vulnerable to cross-site scripting
Status:Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

- Applicable product name: VK Blocks
- Version: 1.53.0.1 and earlier
- Potential Impact of Vulnerability:
Cross-site scripting can be executed from within the management screen while the user is logged in to the management screen.
- How to deal with vulnerabilities: Please update to version 1.54.0.0 or later.

- Applicable product name: VK All in One Expansion Unit
- Version: 9.88.1.0 and earlier
- Potential Impact of Vulnerability:
Cross-site scripting can be executed from within the management screen while the user is logged in to the management screen.
- How to deal with vulnerabilities: Please update to version 9.88.2.0 or later.

- Acknowledgments:
Thank you apple502j for reporting the relevant information.