216.73.216.197

CVE-2025-12449

· Published 07/01/2026 12:16 · Modified 08/01/2026 18:09

Labels: CVE-2025-12449 2026-01-07CVE-2025-12449CWE-862[email protected]

Essential information

Published
07/01/2026 12:16
Modified
08/01/2026 18:09
Author
Creator
CVSS
5.4 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSS metrics

Description

The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data and disclosure of sensitive information due to missing capability checks on multiple AJAX actions in all versions up to, and including, 2.4.0. This makes it possible for authenticated attackers, with subscriber level access and above, to read plugin settings including block visibility, maintenance mode configuration, and third-party email marketing API keys, as well as read sensitive configuration data including API keys for email marketing services.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
wordpress / ablocks cpe:2.3:a:wordpress:ablocks:*:*:*:*:*:wordpress:*:*

References