Unauthorized Data Access in Vayu Blocks for WordPress and WooCommerce
CVE-2025-2568

5.3MEDIUM

What is CVE-2025-2568?

The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin is susceptible to unauthorized data access and potential modification due to inadequate capability checks in crucial functions. Specifically, the 'vayu_blocks_get_toggle_switch_values_callback' and 'vayu_blocks_save_toggle_switch_callback' functions fail to authenticate user permissions. This flaw enables unauthenticated attackers to read sensitive plugin options and alter any option with a key name that ends in '_value', posing significant risks to data integrity and security.

Affected Version(s)

Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce 1.0.4 <= 1.2.1

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Kenneth Dunn
.
The Cyber Security Vulnerability Database.