Vayu Blocks WordPress Plugin Missing Authorization Vulnerability Allows Unauthenticated Options Modification
Vulnerability
A vulnerability exists in the Vayu Blocks Gutenberg Blocks for WordPress and WooCommerce plugin, in versions 1.0.4 and later, prior to 1.2.1. The issue arises from inadequate capability checks in the 'vayu_blocks_get_toggle_switch_values_callback' and 'vayu_blocks_save_toggle_switch_callback' functions. This flaw enables unauthenticated attackers to read plugin options and modify any option with a key ending in '_value'.
Impact
Exploitation of this vulnerability could lead to unauthorized access and modification of WordPress options, potentially allowing attackers to change settings or data within the affected site.
Remediation
Users are advised to update the Vayu Blocks plugin to version 1.2.2 or later.
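The following audit helper is an added example, not code from the plugin or from this advisory's author. It reads the plugin header version, compares it with the fixed release named above, and flags either of the two named callbacks whose body never calls current_user_can. The sample PHP is constructed for the demonstration, and the body scan is a heuristic: a capability check placed elsewhere (for instance in a route's permission callback) is not seen, so a hit means manual review.

```python
import re

FIXED_VERSION = (1, 2, 2)  # first release the advisory tells users to run
CALLBACKS = (
    "vayu_blocks_get_toggle_switch_values_callback",
    "vayu_blocks_save_toggle_switch_callback",
)

# Constructed sample input: NOT the plugin's real source, only its function names.
SAMPLE = """<?php
/**
 * Plugin Name: Vayu Blocks
 * Version: 1.2.0
 */
function vayu_blocks_save_toggle_switch_callback( $request ) {
    if ( $x ) { update_option( $key, $val ); }
    return true;
}
function vayu_blocks_get_toggle_switch_values_callback( $request ) {
    if ( ! current_user_can( 'manage_options' ) ) { return false; }
    return get_option( 'a_value' );
}
"""

def plugin_version(php_source):
    """Parse the 'Version:' field of a WordPress plugin header comment."""
    m = re.search(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)",
                  php_source, re.M | re.I)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def function_body(php_source, name):
    """Return the brace-balanced body of function `name`, or None if absent.
    Braces inside strings or comments are not handled (heuristic)."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{",
                  php_source)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(php_source) and depth:
        depth += {"{": 1, "}": -1}.get(php_source[i], 0)
        i += 1
    return php_source[m.end():i - 1]

def audit(php_source):
    """Report the version, whether it predates the fix, and unchecked callbacks."""
    version = plugin_version(php_source)
    unchecked = []
    for name in CALLBACKS:
        body = function_body(php_source, name)
        if body is not None and "current_user_can" not in body:
            unchecked.append(name)
    return {"version": version,
            "needs_update": version is not None and version < FIXED_VERSION,
            "unchecked_callbacks": unchecked}
```

To use it on a real install, pass audit() the concatenated text of the plugin's PHP files.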
