Refine your search
2 vulnerabilities found for by edge22
CVE-2025-12512 (GCVE-0-2025-12512)
Vulnerability from cvelistv5
Published
2025-12-13 03:20
Modified
2025-12-15 15:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing object-level authorization checks in versions up to, and including, 2.1.2. This is due to the plugin registering multiple REST API routes under `generateblocks/v1/meta/` that gate access with `current_user_can('edit_posts')`, which is granted to low-privileged roles such as Contributor. The handlers accept arbitrary entity IDs (user IDs, post IDs, etc.) and meta keys, returning any requested metadata with only a short blacklist of password-like keys for protection. There is no object-level authorization ensuring the caller is requesting only their own data, and there is no allowlist of safe keys. This makes it possible for authenticated attackers, with Contributor-level access and above, to exfiltrate personally identifiable information (PII) and other sensitive profile data of administrator accounts or any other users by directly querying user meta keys via the exposed endpoints via the `get_user_meta_rest` function. In typical WordPress + WooCommerce setups, this includes names, email, phone, and address fields that WooCommerce stores in user meta, enabling targeted phishing, account takeover pretexting, and privacy breaches.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| edge22 | GenerateBlocks |
Version: * ≤ 2.1.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12512",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T15:43:58.875682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T15:49:15.370Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GenerateBlocks",
"vendor": "edge22",
"versions": [
{
"lessThanOrEqual": "2.1.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Athiwat Tiprasaharn"
}
],
"descriptions": [
{
"lang": "en",
"value": "The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing object-level authorization checks in versions up to, and including, 2.1.2. This is due to the plugin registering multiple REST API routes under `generateblocks/v1/meta/` that gate access with `current_user_can(\u0027edit_posts\u0027)`, which is granted to low-privileged roles such as Contributor. The handlers accept arbitrary entity IDs (user IDs, post IDs, etc.) and meta keys, returning any requested metadata with only a short blacklist of password-like keys for protection. There is no object-level authorization ensuring the caller is requesting only their own data, and there is no allowlist of safe keys. This makes it possible for authenticated attackers, with Contributor-level access and above, to exfiltrate personally identifiable information (PII) and other sensitive profile data of administrator accounts or any other users by directly querying user meta keys via the exposed endpoints via the `get_user_meta_rest` function. In typical WordPress + WooCommerce setups, this includes names, email, phone, and address fields that WooCommerce stores in user meta, enabling targeted phishing, account takeover pretexting, and privacy breaches."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-13T03:20:25.130Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6affdb56-39cc-4749-b7cb-b80b7666f028?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/generateblocks/tags/2.1.1/includes/class-meta-handler.php#L56"
},
{
"url": "https://plugins.trac.wordpress.org/browser/generateblocks/tags/2.1.1/includes/class-meta-handler.php#L297"
},
{
"url": "https://plugins.trac.wordpress.org/browser/generateblocks/tags/2.1.1/includes/class-meta-handler.php#L61"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3415721/generateblocks/trunk/includes/class-meta-handler.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-30T15:17:23.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-12T14:28:54.000+00:00",
"value": "Disclosed"
}
],
"title": "GenerateBlocks \u003c= 2.1.2 - Authenticated (Contributor+) Information Exposure via Metadata"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12512",
"datePublished": "2025-12-13T03:20:25.130Z",
"dateReserved": "2025-10-30T15:01:41.942Z",
"dateUpdated": "2025-12-15T15:49:15.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11879 (GCVE-0-2025-11879)
Vulnerability from cvelistv5
Published
2025-10-25 05:31
Modified
2025-10-27 15:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-285 - Improper Authorization
Summary
The GenerateBlocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_option_rest' function in all versions up to, and including, 2.1.1. This makes it possible for authenticated attackers, with contributor level access and above, to read arbitrary WordPress options, including sensitive information such as SMTP credentials, API keys, and other data stored by other plugins.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| edge22 | GenerateBlocks |
Version: * ≤ 2.1.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11879",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T15:51:27.362971Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T15:51:35.186Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GenerateBlocks",
"vendor": "edge22",
"versions": [
{
"lessThanOrEqual": "2.1.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lucas Montes"
}
],
"descriptions": [
{
"lang": "en",
"value": "The GenerateBlocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the \u0027get_option_rest\u0027 function in all versions up to, and including, 2.1.1. This makes it possible for authenticated attackers, with contributor level access and above, to read arbitrary WordPress options, including sensitive information such as SMTP credentials, API keys, and other data stored by other plugins."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-25T05:31:21.144Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5f1ba1c7-de88-4070-a4ec-fbe4a0c30920?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/generateblocks/tags/2.1.1/includes/class-meta-handler.php#L78"
},
{
"url": "https://plugins.trac.wordpress.org/browser/generateblocks/tags/2.1.1/includes/class-meta-handler.php#L356"
},
{
"url": "https://plugins.trac.wordpress.org/browser/generateblocks/tags/2.1.1/includes/class-meta-handler.php#L19"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-11T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-10-16T21:23:23.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-10-24T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "GenerateBlocks \u003c= 2.1.1 - Improper Authorization to Authenticated (Contributor+) Arbitrary Options Disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-11879",
"datePublished": "2025-10-25T05:31:21.144Z",
"dateReserved": "2025-10-16T17:39:33.643Z",
"dateUpdated": "2025-10-27T15:51:35.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}