cleantalk
Vulnerabilities and Security Researches

GenerateBlocks, CVE-2024-13546

CVE, Research URL

CVE-2024-13546

Home page URL

Security reports for GenerateBlocks

Application

GenerateBlocks

Published on
Mar 01, 2025
Research Description
The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.1 via the 'get_image_description' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the content of private, draft, and scheduled posts and pages.
Affected versions
max 2.0.0.
Status
vulnerable
Previous vulnerability researches
GenerateBlocks (CVE-2024-13546) , Mar 01, 2025
GenerateBlocks (CVE-2024-1452) , Jun 06, 2024
GenerateBlocks (CVE-2021-24751) , Jun 06, 2024
GenerateBlocks (CVE-2025-11879) , Nov 10, 2025
New vulnerability
Theme Editor (CVE-2025-9890) , Nov 10, 2025
wpForo Forum (CVE-2025-4203) , Nov 10, 2025
wpForo Forum (CVE-2025-11740) , Nov 10, 2025
Estatik Real Estate Plugin (CVE-2025-62963) , Nov 10, 2025
Interactive Content – H5P (CVE-2025-62951) , Nov 10, 2025