Unauthorized Data Access in Vayu Blocks for WordPress and WooCommerce
CVE-2025-2568
5.3MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 8 April 2025
What is CVE-2025-2568?
The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin is susceptible to unauthorized data access and potential modification due to inadequate capability checks in crucial functions. Specifically, the 'vayu_blocks_get_toggle_switch_values_callback' and 'vayu_blocks_save_toggle_switch_callback' functions fail to authenticate user permissions. This flaw enables unauthenticated attackers to read sensitive plugin options and alter any option with a key name that ends in '_value', posing significant risks to data integrity and security.
Affected Version(s)
Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce 1.0.4 <= 1.2.1