cleantalk
Vulnerabilities and Security Researches

GenerateBlocks, CVE-2025-11879

CVE, Research URL

CVE-2025-11879

Home page URL

Security reports for GenerateBlocks

Application

GenerateBlocks

Published on
Oct 25, 2025
Research Description
The GenerateBlocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_option_rest' function in all versions up to, and including, 2.1.1. This makes it possible for authenticated attackers, with contributor level access and above, to read arbitrary WordPress options, including sensitive information such as SMTP credentials, API keys, and other data stored by other plugins.
Affected versions
max 2.1.2.
Status
vulnerable
Previous vulnerability researches
WPC Countdown Timer for WooCommerce (CVE-2025-49908) , Nov 10, 2025
New vulnerability
Theme Editor (CVE-2025-9890) , Nov 10, 2025
wpForo Forum (CVE-2025-4203) , Nov 10, 2025
wpForo Forum (CVE-2025-11740) , Nov 10, 2025
Estatik Real Estate Plugin (CVE-2025-62963) , Nov 10, 2025
Interactive Content – H5P (CVE-2025-62951) , Nov 10, 2025