GenerateBlocks WordPress Plugin Unauthorized Data Access Vulnerability

A vulnerability exists in the GenerateBlocks plugin for WordPress, allowing unauthorized data access due to a missing capability check in the 'get_option_rest' function. This issue affects all versions up to and including 2.1.1. The vulnerability enables authenticated attackers with contributor level access and above to read arbitrary WordPress options. This could include sensitive information such as SMTP credentials, API keys, and other data stored by different plugins.

Impact

Exploitation of this vulnerability could lead to unauthorized disclosure of sensitive WordPress option data, including information like SMTP credentials and API keys.

Reproduction

To reproduce this vulnerability, an authenticated user with contributor level access or higher can send a GET request to the 'generateblocks/v1/meta/get-option' endpoint via the WordPress REST API. The request must include the 'key' parameter specifying the option to be retrieved. The absence of a proper capability check allows the user to access options they should not be able to.

Remediation

Users are advised to update the GenerateBlocks plugin to version 2.1.2 or a later patched version.