cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forgenerateblocks generateblocks

Direction: descending
Nov 10, 2025

GenerateBlocks # CVE-2025-11879

CVE, Research URL

CVE-2025-11879

Home page URL

Security reports for GenerateBlocks

Application

GenerateBlocks

Date
Oct 25, 2025
Research Description
The GenerateBlocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_option_rest' function in all versions up to, and including, 2.1.1. This makes it possible for authenticated attackers, with contributor level access and above, to read arbitrary WordPress options, including sensitive information such as SMTP credentials, API keys, and other data stored by other plugins.
Affected versions
max 2.1.2.
Status
vulnerable
Mar 01, 2025

GenerateBlocks # CVE-2024-13546

CVE, Research URL

CVE-2024-13546

Home page URL

Security reports for GenerateBlocks

Application

GenerateBlocks

Date
Mar 01, 2025
Research Description
The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.1 via the 'get_image_description' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the content of private, draft, and scheduled posts and pages.
Affected versions
max 2.0.0.
Status
vulnerable
Jun 06, 2024

GenerateBlocks # CVE-2024-1452

CVE, Research URL

CVE-2024-1452

Home page URL

Security reports for GenerateBlocks

Application

GenerateBlocks

Date
Mar 13, 2024
Research Description
The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.2 via Query Loop. This makes it possible for authenticated attackers, with contributor access and above, to see contents of posts and pages in draft or private status as well as those with scheduled publication dates.
Affected versions
max 1.8.3.
Status
vulnerable

GenerateBlocks # CVE-2021-24751

CVE, Research URL

CVE-2021-24751

Home page URL

Security reports for GenerateBlocks

Application

GenerateBlocks

Date
Nov 29, 2021
Research Description
The GenerateBlocks WordPress plugin before 1.4.0 does not validate the generateblocks/container block's tagName attribute, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.
Affected versions
max 1.4.0.
Status
vulnerable