WordPress Plugin Vulnerabilities

Classic Widgets with Block-based Widgets <= 1.0.1 - Missing Authorization

Description

The Classic Widgets with Block-based Widgets plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

References

Classification

Type
NO AUTHORISATION
CWE

Miscellaneous

Original Researcher
Nabil Irawan
Verified
No

Timeline

Publicly Published
2025-09-22 (about 9 months ago)
Added
2025-09-26 (about 9 months ago)
Last Updated
2025-09-26 (about 9 months ago)

Other