CVE-2025-12449

Name of the Vulnerable Software and Affected Versions aBlocks – WordPress Gutenberg Blocks plugin versions prior to 2.4.1

Description The aBlocks – WordPress Gutenberg Blocks plugin for WordPress has a flaw that allows unauthorized modification of data and disclosure of sensitive information. This is due to missing capability checks on multiple AJAX actions. Authenticated attackers with subscriber level access or higher can read plugin settings, including block visibility and maintenance mode configuration. They can also access sensitive configuration data, such as API keys for email marketing services. The API keys are particularly vulnerable to exposure.

Recommendations Update to version 2.4.1 or later.