Blockspare < 3.2.14 – Authenticated (Contributor+) Sensitive Information Exposure | CVE 2025-62026 | Plugin Vulnerabilities

Description

The BlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.13.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive user or configuration data.

Affects Plugins

Fixed in 3.2.14

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/196d472b-b268-48f1-8dda-ee6d9e659483

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

Abu Hurayra (HurayraIIT)

Verified

No

WPVDB ID

b0351d26-cda8-4e72-afbd-81a1fe6b5a2a

Timeline

Publicly Published

2025-10-16 (about 8 months ago)

Added

2025-10-23 (about 7 months ago)

Last Updated

2025-10-23 (about 7 months ago)

Other

Published

Title

Published

2024-03-18

Title

WP Go Maps < 9.0.35 - Information Exposure to Potential Denial of Service

Published

2022-08-01

Title

Duplicator < 1.4.7.1 - Unauthenticated System Information Disclosure

Published

2025-12-04

Title

Google Analytics Events <= 2.8.2 - Unauthenticated Information Exposure

Published

2024-02-20

Title

PeproDev Ultimate Invoice < 1.9.8 - Unauthenticated Arbitrary Invoice Access

Published

2026-01-16

Title

AWP Classifieds < 4.4.4 - Unauthenticated Information Exposure