ZoloBlocks WordPress Plugin Missing Authorization Vulnerability in Popup Management
Vulnerability
A missing authorization vulnerability exists in the ZoloBlocks Gutenberg Block Editor Plugin for WordPress, in versions through 2.3.11. The update_popup_status() function lacks a proper capability check, which allows unauthenticated attackers to enable or disable popups.
Impact
Exploitation of this vulnerability could lead to unauthorized changes in popup settings, allowing attackers to manipulate the visibility and behavior of popups on the site.
Remediation
Users are advised to update the ZoloBlocks WordPress plugin to version 2.3.12 or later.
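For developers reviewing similar handlers in their own plugins, the added example below contrasts a state-changing handler that omits the capability check with a hardened form. It is an illustration written for this page, not ZoloBlocks source code: the function names, AJAX hook, nonce action and meta key are hypothetical, and it assumes the popup is stored as a post and toggled through an admin-ajax handler.

```php
<?php
// Added illustration; NOT the ZoloBlocks source. Hook name, nonce action,
// meta key and function names are hypothetical. Assumes popups are posts.

// Missing-authorization pattern: a state-changing handler that trusts the
// request and never checks who is calling. Shown for contrast; not registered.
function example_update_popup_status_unchecked() {
    $popup_id = absint( $_POST['popup_id'] ?? 0 );
    $enabled  = ! empty( $_POST['enabled'] ) ? '1' : '0';
    update_post_meta( $popup_id, '_example_popup_enabled', $enabled ); // no authz
    wp_send_json_success();
}

// Hardened form: verify request origin, then verify the caller's capability
// on the specific object, before any write happens.
function example_update_popup_status() {
    // 1. CSRF protection. A nonce proves intent, not permission, so it does
    //    not replace the capability check below.
    if ( ! check_ajax_referer( 'example_popup_status', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce.' ), 403 );
    }

    $popup_id = absint( $_POST['popup_id'] ?? 0 );

    // 2. Authorization. 'edit_post' is a meta capability, so WordPress
    //    evaluates it against this particular popup post.
    if ( ! $popup_id || ! current_user_can( 'edit_post', $popup_id ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden.' ), 403 );
    }

    // 3. Normalize input to the two allowed states before storing it.
    $enabled = ! empty( $_POST['enabled'] ) ? '1' : '0';
    update_post_meta( $popup_id, '_example_popup_enabled', $enabled );

    wp_send_json_success( array( 'popup_id' => $popup_id, 'enabled' => $enabled ) );
}

// Register for logged-in users only. A write action should not also be
// exposed through a wp_ajax_nopriv_ hook.
add_action( 'wp_ajax_example_update_popup_status', 'example_update_popup_status' );
```

wp_send_json_error() terminates the request, so no code after a failed check runs.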
Added: Oct 24, 2025, 10:21 AM
Updated: Oct 24, 2025, 10:21 AM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 8.1
remediation: 7.7
relevance: 0.8
threat: 3.2
urgency: 2.9
incentive: 5.8
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
