Access Control Vulnerability in Post Grid and Gutenberg Blocks by PickPlugins
CVE-2025-66058
6.5MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 18 December 2025
What is CVE-2025-66058?
A missing authorization vulnerability exists in the Post Grid and Gutenberg Blocks plugin by PickPlugins, allowing unauthorized users to exploit incorrectly configured access control security levels. This affects versions from n/a through 2.3.17, potentially enabling unauthorized access to sensitive functionalities or data. It is essential for users and administrators to assess their site's configurations and implement security measures to prevent exploitation.
Affected Version(s)
Post Grid and Gutenberg Blocks <= 2.3.17
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Abu Hurayra (Patchstack Bug Bounty Program)