WordPress ZoloBlocks plugin <= 2.3.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Que Thanh Tuan - Blue Rock in WordPress Plugin ZoloBlocks versions = 2.3.11...

CVE-2025-12134

The ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatepopupstatus function in all versions up to, and including, 2.3.11. This...

WordPress plugin ZoloBlocks 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

CVE-2025-12134

The ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatepopupstatus function in all versions up to, and including, 2.3.11. This...

CVE-2025-12134 ZoloBlocks <= 2.3.11 - Missing Authorization to Unauthenticated Popup Enable/Disable

The ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatepopupstatus function in all versions up to, and including, 2.3.11. This...

CVE-2025-12134

CVE-2025-12134 affects the ZoloBlocks Gutenberg block plugin for WordPress. All versions up to 2.3.11 lack a capability check in update_popup_status(), enabling unauthenticated users to enable/disable popups (unauthorized data modification). The CVE maps to a Medium severity (CVSS ~5.3). Remediat...

PT-2025-43605

Name of the Vulnerable Software and Affected Versions ZoloBlocks – Gutenberg Block Editor Plugin versions prior to 2.3.12 Description The ZoloBlocks – Gutenberg Block Editor Plugin for WordPress has a flaw that allows unauthorized modification of data. Specifically, a missing capability check...

WordPress ZoloBlocks plugin <= 2.3.11 - Missing Authorization to Unauthenticated Popup Enable/Disable vulnerability

Missing Authorization to Unauthenticated Popup Enable/Disable vulnerability discovered by Jay in WordPress Plugin ZoloBlocks versions = 2.3.11...

CVE-2025-49903

Missing Authorization vulnerability in bdthemes ZoloBlocks zoloblocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ZoloBlocks: from n/a through = 2.3.11...

EUVD-2025-35549

Missing Authorization vulnerability in bdthemes ZoloBlocks zoloblocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ZoloBlocks: from n/a through = 2.3.11...

CVE-2025-49903

Missing Authorization vulnerability in bdthemes ZoloBlocks zoloblocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ZoloBlocks: from n/a through = 2.3.11...

CVE-2025-49903 WordPress ZoloBlocks plugin <= 2.3.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in bdthemes ZoloBlocks zoloblocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ZoloBlocks: from n/a through = 2.3.11...

CVE-2025-49903 WordPress ZoloBlocks plugin <= 2.3.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in bdthemes ZoloBlocks zoloblocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ZoloBlocks: from n/a through = 2.3.11...

CVE-2025-49903

CVE-2025-49903 is a real WordPress vulnerability in the bdthemes ZoloBlocks plugin. Wordfence and Patchstack indicate a Missing Authorization /broken access control issue in ZoloBlocks versions up to 2.3.11, potentially enabling unauthorized access due to incorrectly configured access control sec...

PT-2025-43173

Name of the Vulnerable Software and Affected Versions bdthemes ZoloBlocks versions through 2.3.11 Description An authorization issue exists in bdthemes ZoloBlocks that allows exploiting incorrectly configured access control security levels. Recommendations Update to a version later than 2.3.11...

WordPress plugin ZoloBlocks 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

EUVD-2025-30558

Malicious code in bioql PyPI...

EUVD-2025-31244

Malicious code in bioql PyPI...

EUVD-2025-28499

Malicious code in bioql PyPI...

CVE-2025-9075

The ZoloBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple Gutenberg blocks in versions up to, and including, 2.3.10. This is due to insufficient input sanitization and output escaping on user-supplied attributes within multiple block components including Google...