WordPress Plugin Vulnerabilities

Nexter Blocks < 4.6.4 - Authenticated (Subscriber+) Information Exposure

Description

The Nexter Gutenberg Blocks – Website Builder & 1000+ Starter Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or configuration data.

Affects Plugins

Plugin icon
the-plus-addons-for-block-editor
Fixed in 4.6.4

References

CVE
CVE-2026-24377
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/5e31eda3-06f8-44c5-8b05-74283d4d20bb

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Nabil Irawan
Verified
No
WPVDB ID
d1cc2fd8-e33b-4b81-a6c7-ea174d0cffac

Timeline

Publicly Published
2026-01-26 (about 3 months ago)
Added
2026-02-02 (about 3 months ago)
Last Updated
2026-02-02 (about 3 months ago)

Other

Published
Title
Published
2024-12-11
Title
Vimeography < 2.4.5 - Sensitive Information Exposure
Published
2024-09-05
Title
LiteSpeed Cache < 6.5.0.1 - Unauthenticated Sensitive Information Exposure via Log Files
Published
2025-06-04
Title
MultiVendorX < 4.2.23 - Unauthenticated Information Exposure
Published
2024-06-21
Title
SiteGuard WP Plugin < 1.7.7 - Login Page Disclosure
Published
2025-02-23
Title
System Dashboard < 2.8.19 - Authenticated (Subscriber+) Sensitive Information Exposure