CVE-2025-62090

Vulnerability

Overview

The Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons plugin for WordPress (versions up to and including 3.0.2) contains a missing authorization vulnerability. This means that certain functions or endpoints do not properly verify whether the requesting user has the necessary permissions, allowing access to actions that should be restricted to higher-privileged roles [1].

Exploitation

An attacker can exploit this flaw without needing any special authentication or by using a low-privileged account. The missing access control checks enable the attacker to trigger functionality that should require administrative or editor-level privileges. Because the vulnerability is in a widely used plugin, it could be targeted in automated attacks against many sites simultaneously [1].

Impact

Successful exploitation allows an attacker to perform unauthorized actions, such as modifying plugin settings, altering content, or accessing sensitive data. The CVSS score of 6.5 (Medium) reflects the potential for significant disruption, though the vendor assesses the likelihood of exploitation as low [1].

Mitigation

The vulnerability has been patched in version 3.1.0. Users are strongly advised to update immediately. If updating is not possible, implementing additional access controls or consulting a security professional is recommended. Patchstack users can enable auto-updates for vulnerable plugins [1].