cleantalk
Vulnerabilities and Security Researches

Custom Blocks Constructor – Lazy Blocks, CVE-2025-58258

CVE, Research URL

CVE-2025-58258

Home page URL

Security reports for Custom Blocks Constructor – Lazy Blocks

Application

Custom Blocks Constructor – Lazy Blocks

Published on
Sep 23, 2025
Research Description
Missing Authorization vulnerability in nK Lazy Blocks lazy-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lazy Blocks: from n/a through <= 4.1.0.
Affected versions
max 4.1.1.
Status
vulnerable
Previous vulnerability researches
Shipment Tracker for Woocommerce (CVE-2025-24586) , Apr 20, 2025
Shipment Tracker for Woocommerce (CVE-2026-39540) , Apr 23, 2026
New vulnerability
Poll Maker &#8211; Best WordPress Poll Plugin (CVE-2025-57954) , Apr 24, 2026
HT Mega – Absolute Addons for WPBakery Page Builder (CVE-2025-53463) , Apr 24, 2026
TZ Plus Gallery (CVE-2025-57974) , Apr 24, 2026
User Meta &#8211; User Profile Builder and User management plugin (CVE-2025-9693) , Apr 24, 2026
Gutenberg Blocks &#8211; PublishPress Blocks Gutenberg Editor Plugin (CVE-2025-8588) , Apr 24, 2026