{"id":"CVE-2023-0230","details":"The VK All in One Expansion Unit WordPress plugin before 9.86.0.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","modified":"2026-04-10T04:55:37.797816Z","published":"2023-02-27T16:15:11.730Z","references":[{"type":"EVIDENCE","url":"https://wpscan.com/vulnerability/a4ad73b2-6a70-48ff-bf4c-28f81b193748"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/vektor-inc/vk-all-in-one-expansion-unit","events":[{"introduced":"0"},{"fixed":"7e63f9b2a3e53f21a7c904db6ec5d1ff62250f92"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"9.86.0.0"}]}}],"versions":["0.0.0","0.0.0.1","0.0.0.2","0.0.0.3","0.1.2.0","0.1.3.1","0.1.4.0","0.1.5.0","0.1.5.1","1.0.8","2.1.1","2.2.0","2.2.5","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.3.5","2.3.6","3.0.0","3.0.1","3.0.2","3.1.3","3.2.0","3.3.0","3.4.0","3.5.0","3.5.1","3.5.2","3.5.3","3.6.3","3.7.0","3.7.1","3.7.10","3.7.2","3.7.3","3.7.6","3.7.7","3.8.0","4.0.0","4.0.1","4.0.10","4.0.5","4.0.8","4.0.9","4.1.4","4.1.5","4.2.0","4.3.1","4.3.2","4.3.3","4.3.7","4.4.1","4.5.0","4.5.1","4.6.1","4.6.2","4.6.4","4.7.0","5.0.0","5.0.3","5.1.0","5.2.0","5.2.7","5.2.8","5.2.9","5.3.2","5.3.3","5.3.4","5.3.5","5.3.8","5.4.1","5.4.2","5.4.5","5.4.7","5.5.0","5.6.0","5.7.0","6.1.2","6.3.1","6.4.6","6.4.8","6.4.9","9.10.0.0","9.10.0.1","9.10.1.0","9.11.0.0","9.11.1.0","9.11.2.0","9.11.3.0","9.11.4.0","9.11.5.0","9.12.0.0","9.12.0.1","9.13.0.0","9.13.1.0","9.14.0.0","9.15.0.0","9.15.1.0","9.15.1.1","9.15.1.2","9.15.2.1","9.15.3.0","9.15.4.0","9.15.5.0","9.16.0.0","9.16.0.1","9.16.0.2","9.16.1.0","9.16.2.0","9.17.0.0","9.18.0.0","9.18.0.1","9.18.0.2","9.18.1.0","9.19.0.0","9.20.0.0","9.21.0.0","9.22.0.0","9.22.1.0","9.24.0.0","9.26.0.0","9.26.1.0","9.26.2.0","9.27.0.2","9.28.0.0","9.28.1.0","9.28.2.0","9.28.3.0","9.29.0.0","9.29.1.0","9.29.2.0","9.29.3.0","9.29.4.0","9.29.5.0","9.29.6.0","9.29.7.0","9.30.0.0","9.30.0.1","9.30.2.0","9.31.0.0","9.31.10.0","9.31.11.0","9.31.8.0","9.32.0.0","9.33.0.0","9.34.0.0","9.34.1.0","9.35.0.0","9.36.1.0","9.37.0.0","9.37.1.0","9.37.1.1","9.37.2.0","9.38.0.0","9.39.0.0","9.40.0.0","9.41.0.0","9.42.0.0","9.42.1.0","9.43.0.0","9.43.1.0","9.43.2.0","9.44.0.0","9.44.0.1","9.44.0.2","9.44.0.3","9.44.0.4","9.44.0.5","9.44.0.6","9.44.0.7","9.44.0.8","9.44.0.9","9.44.1.0","9.44.2.0","9.45.0.0","9.46.0.0","9.46.1.0","9.47.0.0","9.48.0.0","9.48.1.0","9.60.0.0","9.60.1.0","9.61.0.0","9.61.1.0","9.61.1.1","9.61.2.0","9.61.3.0","9.61.4.0","9.61.5.0","9.61.6.0","9.62.0.0","9.63.0.0","9.63.1.0","9.64.1.0","9.64.2.0","9.64.3.0","9.64.3.1","9.64.3.2","9.64.4.0","9.64.5.0","9.65.0.0","9.66.0.0","9.66.0.1","9.66.01","9.66.1.0","9.66.1.1","9.66.2.0","9.67.0.0","9.67.1.0","9.67.2.0","9.68.0.0","9.68.0.1","9.68.1.0","9.68.2.0","9.68.3.0","9.68.4.0","9.69.0.0","9.69.1.0","9.69.2.0","9.69.3.0","9.70.0.0","9.70.1.0","9.70.2.0","9.71.0.0","9.71.0.1","9.71.0.10","9.71.0.11","9.71.0.12","9.71.0.13","9.71.0.14","9.71.0.15","9.71.0.2","9.71.0.26","9.71.0.27","9.71.0.4","9.71.0.5","9.71.0.6","9.71.1.1","9.72.0.0","9.73.0.0","9.73.0.1","9.73.2.0","9.73.3.0","9.74.0.0","9.74.1.0","9.74.2.0","9.75.0.0","9.76.0.0","9.76.0.1","9.76.1.0","9.76.2.0","9.76.3.0","9.77.0.0","9.78.0.1","9.78.1.0","9.79.0.0","9.8.0.1","9.8.0.3","9.8.1.0","9.8.2.0","9.8.3.0","9.80.0.0","9.80.1.0","9.81.0.0","9.81.0.1","9.81.1.0","9.81.2.0","9.81.3.0","9.82.0.0","9.83.0.0","9.83.1.0","9.84.0.0","9.84.1.0","9.84.2.0","9.84.3.0","9.85.0.0","9.85.0.1","9.9.0.0","push"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0230.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}