11 matches found
CVE-2025-12134
The ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatepopupstatus function in all versions up to, and including, 2.3.11. This...
WordPress plugin ZoloBlocks security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
CVE-2025-12134 ZoloBlocks <= 2.3.11 - Missing Authorization to Unauthenticated Popup Enable/Disable
The ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatepopupstatus function in all versions up to, and including, 2.3.11. This...
PT-2025-43605
Name of the Vulnerable Software and Affected Versions ZoloBlocks – Gutenberg Block Editor Plugin versions prior to 2.3.12 Description The ZoloBlocks – Gutenberg Block Editor Plugin for WordPress has a flaw that allows unauthorized modification of data. Specifically, a missing capability check...
WordPress ZoloBlocks plugin <= 2.3.11 - Missing Authorization to Unauthenticated Popup Enable/Disable vulnerability
Missing Authorization to Unauthenticated Popup Enable/Disable vulnerability discovered by Jay in WordPress Plugin ZoloBlocks versions <= 2.3.11...
CVE-2025-49903 WordPress ZoloBlocks plugin <= 2.3.11 - Broken Access Control vulnerability
Missing Authorization vulnerability in bdthemes ZoloBlocks zoloblocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ZoloBlocks: from n/a through <= 2.3.11...
CVE-2025-9075
The ZoloBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple Gutenberg blocks in versions up to, and including, 2.3.10. This is due to insufficient input sanitization and output escaping on user-supplied attributes within multiple block components including Google...
CVE-2025-9075 ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns <= 2.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
The ZoloBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple Gutenberg blocks in versions up to, and including, 2.3.10. This is due to insufficient input sanitization and output escaping on user-supplied attributes within multiple block components including Google...
WordPress ZoloBlocks Plugin <= 2.3.11 - Server Side Request Forgery (SSRF) Vulnerability
Server Side Request Forgery SSRF Vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin ZoloBlocks versions <= 2.3.11...
CVE-2025-58230
ZoloBlocks (WordPress plugin) has a DOM-based XSS vulnerability caused by improper input neutralization during Web Page Generation. Affected versions are listed as up to 2.3.9 in the CVE description, with connected sources indicating a later patched state (≤ 2.3.12). Exploitation details are not ...
CVE-2025-53210 WordPress ZoloBlocks Plugin <= 2.3.2 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in bdthemes ZoloBlocks zoloblocks allows PHP Local File Inclusion. This issue affects ZoloBlocks: from n/a through <= 2.3.2...