WordPress Plugin Vulnerabilities

Nexter Blocks < 4.0.8 - Missing Authorization

Description

The Nexter Blocks – WordPress Gutenberg Blocks & 1000+ Starter Templates plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 4.0.7. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
the-plus-addons-for-block-editor
Fixed in 4.0.8

References

CVE
CVE-2024-56294
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/819580a0-75ea-475d-b6b8-47d57e5c3d05

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Khalid Yusuf
Verified
No
WPVDB ID
de3e78b6-0df1-4d6e-a53e-398de32890ba

Timeline

Publicly Published
2025-01-03 (about 1 year ago)
Added
2025-01-08 (about 1 year ago)
Last Updated
2025-01-08 (about 1 year ago)

Other

Published
Title
Published
2025-12-10
Title
Carter for Elementor <= 1.0.2 - Missing Authorization
Published
2026-01-15
Title
GetGenie – AI Content Writer with Keyword Research & SEO Tracking Tools < 4.3.1 - Missing Authorization to Authenticated (Author+) Arbitrary Post Deletion
Published
2025-12-30
Title
Registration & Login with Mobile Phone Number for WooCommerce < 1.3.2 - Missing Authorization
Published
2025-12-28
Title
Discussion Board < 2.5.8 - Missing Authorization
Published
2025-05-16
Title
6Storage Rentals <= 2.20.1 - Missing Authorization