CVE-2024-13635

EUVD-2025-6248
The VK Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.94.2.2 via the page content block. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the content of private posts and pages.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
WordfenceCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
vektor-incvk_blocks
𝑥
≤ 1.94.2.2
CNA
Common Weakness Enumeration
References
https://plugins.trac.wordpress.org/browser/vk-blocks/trunk/inc/vk-blocks/build/blocks/page-content/index.php
https://plugins.trac.wordpress.org/changeset/3233455/vk-blocks/trunk/inc/vk-blocks/build/blocks/page-content/index.php
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3233455%40vk-blocks%2Ftrunk&old=3227170%40vk-blocks%2Ftrunk&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/cc03b3f4-2edb-463b-812b-6a187a7a893c?source=cve