{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T12:53:06.024","vulnerabilities":[{"cve":{"id":"CVE-2025-12449","sourceIdentifier":"security@wordfence.com","published":"2026-01-07T12:16:46.710","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data and disclosure of sensitive information due to missing capability checks on multiple AJAX actions in all versions up to, and including, 2.4.0. This makes it possible for authenticated attackers, with subscriber level access and above, to read plugin settings including block visibility, maintenance mode configuration, and third-party email marketing API keys, as well as read sensitive configuration data including API keys for email marketing services."},{"lang":"es","value":"El plugin aBlocks – WordPress Gutenberg Blocks para WordPress es vulnerable a la modificación no autorizada de datos y a la divulgación de información sensible debido a la falta de comprobaciones de capacidad en múltiples acciones AJAX en todas las versiones hasta la 2.4.0, inclusive. Esto permite a atacantes autenticados, con acceso de nivel de suscriptor y superior, leer la configuración del plugin, incluyendo la visibilidad de los bloques, la configuración del modo de mantenimiento y las claves API de marketing por correo electrónico de terceros, así como leer datos de configuración sensibles, incluyendo claves API para servicios de marketing por correo electrónico."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/ablocks/tags/2.4.0/includes/ajax/settings.php#L16","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ablocks/tags/2.4.0/includes/assets.php#L353","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ablocks/tags/2.4.0/includes/classes/abstract-request-handler.php#L486","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c10600ae-1ff0-4f12-ae53-39d9342640f4?source=cve","source":"security@wordfence.com"}]}}]}