CVE-2025-12134
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-12134, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-24

Last updated on: 2025-10-27

Assigner: Wordfence

Description

The ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_popup_status() function in all versions up to, and including, 2.3.11. This makes it possible for unauthenticated attackers to enable/disable popups.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-24
Last Modified
2025-10-27
Generated
2026-07-06
AI Q&A
2025-10-24
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
zolo blocks *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the ZoloBlocks – Gutenberg Block Editor Plugin for WordPress, where a missing capability check in the update_popup_status() function allows unauthenticated attackers to modify data by enabling or disabling popups without authorization.

Impact Analysis

An attacker can exploit this vulnerability to enable or disable popups on a WordPress site without authentication, potentially disrupting user experience or manipulating site behavior.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12134. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart