CVE-2025-2568

Name of the Vulnerable Software and Affected Versions: The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin versions 1.0.4 through 1.2.1

Description: The issue allows unauthorized access and modification of data due to missing capability checks on the vayu blocks get toggle switch values callback and vayu blocks save toggle switch callback functions. This enables unauthenticated attackers to read plugin options and update any option with a key name ending in value.

Recommendations: For versions 1.0.4 through 1.2.1, as a temporary workaround, consider disabling the vayu blocks get toggle switch values callback and vayu blocks save toggle switch callback functions until a patch is available. Restrict access to the plugin options to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.