Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total5
Critical0
High0
Medium5
Reset
Showing 1-5 of 5 records
Threat Entry Updated 2025-12-15

CVE-2025-12512 - Generateblocks Plugin

The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing object-level authorization checks in versions up to, and including, 2.1.2. This is due to the plugin registering multiple REST API routes under `generateblocks/v1/meta/` that gate access with `current_user_can('edit_posts')`, which is granted to low-privileged roles such as Contributor. The handlers accept arbitrary entity IDs (user IDs, post IDs, etc.) and meta keys, returning any requested metadata with only a short blacklist of password-like keys for protection. There is no object-level authorization ensuring the caller is requesting only their…

PLUGIN Generateblocks

CVE-2025-12512

MEDIUM CVSS 4.3 2025-12-13
Open Full Technical Breakdown
Threat Entry Updated 2025-10-27

CVE-2025-11879 - Generateblocks Plugin

The GenerateBlocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_option_rest' function in all versions up to, and including, 2.1.1. This makes it possible for authenticated attackers, with contributor level access and above, to read arbitrary WordPress options, including sensitive information such as SMTP credentials, API keys, and other data stored by other plugins.

PLUGIN Generateblocks

CVE-2025-11879

MEDIUM CVSS 6.5 2025-10-25
Open Full Technical Breakdown
Threat Entry Updated 2025-03-01

CVE-2024-13546 - Generateblocks Plugin

The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.1 via the 'get_image_description' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the content of private, draft, and scheduled posts and pages.

PLUGIN Generateblocks

CVE-2024-13546

MEDIUM CVSS 4.3 2025-03-01
Open Full Technical Breakdown
Threat Entry Updated 2025-03-12

CVE-2024-1452 - Generateblocks Plugin

The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.2 via Query Loop. This makes it possible for authenticated attackers, with contributor access and above, to see contents of posts and pages in draft or private status as well as those with scheduled publication dates.

PLUGIN Generateblocks

CVE-2024-1452

MEDIUM CVSS 4.3 2024-03-13
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-24751 - Generateblocks Plugin

The GenerateBlocks WordPress plugin before 1.4.0 does not validate the generateblocks/container block's tagName attribute, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.

PLUGIN Generateblocks

CVE-2021-24751

MEDIUM CVSS 5.4 2021-11-29
Open Full Technical Breakdown
Scroll to top