CVE-2023-0583: 
WordPress vulnerability analysis and mitigation

The VK Blocks WordPress plugin (versions <= 1.57.0.5) contains an improper authorization vulnerability identified as CVE-2023-0583. The vulnerability was discovered by Ram from Wordfence and was publicly disclosed on June 2, 2023. This security issue affects the plugin's REST API functionality, specifically impacting the settings update mechanism (WPScan, Wordfence).

The vulnerability stems from improper authorization implementation in the REST API endpoint 'vk-blocks/v1/update_vk_blocks_options'. The issue allows users with contributor-level permissions or higher to modify plugin settings, including the ability to change the 'vk_font_awesome_version' option to arbitrary values. The vulnerability has been assigned a CVSS score of 4.3 (Medium), indicating a moderate severity level (WPScan).

When exploited, this vulnerability allows authenticated users with contributor-level access to modify plugin settings that should typically be restricted to administrators. This includes the ability to change default icons and other plugin configurations, potentially affecting the website's appearance and functionality (Wordfence).

The vulnerability has been patched in version 1.57.1.0 of the VK Blocks plugin. Website administrators are advised to update to this version or later to mitigate the security risk (WPScan).