VYPR

Zoloblocks

by WordPress

Source repositories

CVEs (6)

  • CVE-2025-53210HigAug 20, 2025
    risk 0.49cvss 7.5epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in bdthemes ZoloBlocks zoloblocks allows PHP Local File Inclusion.This issue affects ZoloBlocks: from n/a through <= 2.3.2.

  • CVE-2025-9075MedOct 1, 2025
    risk 0.42cvss 6.4epss 0.00

    The ZoloBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple Gutenberg blocks in versions up to, and including, 2.3.10. This is due to insufficient input sanitization and output escaping on user-supplied attributes within multiple block…

  • CVE-2025-58230MedSep 22, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bdthemes ZoloBlocks zoloblocks allows DOM-Based XSS.This issue affects ZoloBlocks: from n/a through <= 2.3.12.

  • CVE-2025-60161MedSep 26, 2025
    risk 0.35cvss 5.4epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in bdthemes ZoloBlocks zoloblocks allows Server Side Request Forgery.This issue affects ZoloBlocks: from n/a through <= 2.3.11.

  • CVE-2025-49903MedOct 22, 2025
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in bdthemes ZoloBlocks zoloblocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ZoloBlocks: from n/a through <= 2.3.11.

  • CVE-2025-12134MedOct 24, 2025
    risk 0.27cvss 5.3epss 0.00

    The ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_popup_status() function in all versions up to, and…