PT-2026-3342 · WordPress · Page Builder Gutenberg Blocks+1
Athiwat Tiprasaharn · Published 2026-01-17 · Updated 2026-01-17 · CVE-2025-13725
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Gutenberg Thim Blocks – Page Builder, Gutenberg Blocks for the Block Editor plugin for WordPress versions up to and including 1.0.1
Description
The Gutenberg Thim Blocks plugin for WordPress is susceptible to unauthorized file access. This is a result of inadequate path validation during the server-side rendering of the thim-blocks/icon block. Authenticated attackers possessing Contributor-level access or higher can potentially read the contents of arbitrary files on the server by manipulating the iconSVG parameter. This parameter can be used to access sensitive files like wp-config.php.
Recommendations
Update Gutenberg Thim Blocks – Page Builder, Gutenberg Blocks for the Block Editor plugin to a version later than 1.0.1.
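One way to implement the path validation whose absence the description names, shown as an added example that is not the plugin's code or its actual patch. The function names and the ICON_DIR constant are hypothetical, and it assumes iconSVG is meant to name an SVG file inside a single icons directory.

```php
<?php
// Added example; not taken from the plugin. ICON_DIR, resolve_icon_path() and
// render_icon_block() are hypothetical names. Assumes icons live in one directory.
const ICON_DIR = __DIR__ . '/assets/icons';

/** Return the canonical path of an SVG inside $baseDir, or null if the request is unsafe. */
function resolve_icon_path(string $baseDir, $requested): ?string
{
    // Attribute values come from the client: require a non-empty string without NUL bytes.
    if (!is_string($requested) || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves "..", "." and symlinks, and returns false for missing files.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // Containment check on the canonical path. The trailing separator stops a sibling
    // such as ".../icons-old" from passing as a prefix match for ".../icons".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Allow-list the file type so PHP and config files are never returned.
    if (strtolower(pathinfo($candidate, PATHINFO_EXTENSION)) !== 'svg') {
        return null;
    }
    return $candidate;
}

/** Server-side render callback: emit the icon markup, or nothing when validation fails. */
function render_icon_block(array $attributes): string
{
    $path = resolve_icon_path(ICON_DIR, $attributes['iconSVG'] ?? null);
    if ($path === null) {
        return '';
    }
    $svg = file_get_contents($path);
    return $svg === false ? '' : $svg;
}
```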
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
The Plus Blocks For Block Editor | Gutenberg
Page Builder Gutenberg Blocks