VYPR

Generateblocks

by WordPress

Source repositories

CVEs (7)

  • CVE-2026-48877MedMay 27, 2026
    risk 0.42cvss 6.5epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Tom GenerateBlocks allows Retrieve Embedded Sensitive Data. This issue affects GenerateBlocks: from n/a through 2.1.0.

  • CVE-2026-3454MedMay 5, 2026
    risk 0.42cvss 6.5epss 0.01

    The GenerateBlocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.0. This is due to missing object-level authorization checks in the /wp-json/generateblocks/v1/dynamic-tag-replacements REST endpoint. The endpoint…

  • CVE-2025-11879MedOct 25, 2025
    risk 0.42cvss 6.5epss 0.00

    The GenerateBlocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_option_rest' function in all versions up to, and including, 2.1.1. This makes it possible for authenticated attackers, with contributor level access…

  • CVE-2024-1452MedMar 13, 2024
    risk 0.28cvss 4.3epss 0.01

    The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.2 via Query Loop. This makes it possible for authenticated attackers, with contributor access and above, to see contents of posts and pages in draft…

  • CVE-2025-12512MedDec 13, 2025
    risk 0.21cvss 4.3epss 0.00

    The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing object-level authorization checks in versions up to, and including, 2.1.2. This is due to the plugin registering multiple REST API routes under `generateblocks/v1/meta/` that gate access…

  • CVE-2024-13546MedMar 1, 2025
    risk 0.21cvss 4.3epss 0.00

    The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.1 via the 'get_image_description' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract…

  • CVE-2021-24751Nov 29, 2021
    risk 0.00cvss epss 0.01

    The GenerateBlocks WordPress plugin before 1.4.0 does not validate the generateblocks/container block's tagName attribute, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.