CVE-2025-12134
BaseFortify

Publication date: 2025-10-24

Last updated on: 2025-10-27

Assigner: Wordfence

Description
The ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_popup_status() function in all versions up to, and including, 2.3.11. This makes it possible for unauthenticated attackers to enable/disable popups.
Meta Information

Published: 2025-10-24

Last Modified: 2025-10-27

Generated: 2026-06-16

AI Q&A: 2025-10-24

EPSS Evaluated: 2026-06-14
Affected Vendors & Products

Showing 1 associated CPE

Vendor: zolo

Product: blocks

Version / Range: *
CWE-862: The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Executive Summary

This vulnerability exists in the ZoloBlocks – Gutenberg Block Editor Plugin for WordPress, where a missing capability check in the update_popup_status() function allows unauthenticated attackers to modify data by enabling or disabling popups without authorization.

Impact Analysis

An attacker can exploit this vulnerability to enable or disable popups on a WordPress site without authentication, potentially disrupting user experience or manipulating site behavior.
