GCVE - cpe:2.3:a:bdthemes:zoloblocks_–_gutenberg_block_editor_plugin_with_advanced_blocks,_dynamic_content,_templates_&

Approved changes feed: RSS · Atom

cpe:2.3:a:bdthemes:zoloblocks_–_gutenberg_block_editor_plugin_with_advanced_blocks,_dynamic_content,_templates_&_patterns:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Bdthemes (`5429b37a-0acd-5ad1-805d-fa178e11cdda`)
Product	Zoloblocks – Gutenberg Block Editor Plugin With Advanced Blocks, Dynamic Content, Templates & Patterns (`6b0ca8ef-a717-5060-83b9-dc4b6669d9d7`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-9075`	vulnerable	2026-06-03 15:13:45.376019	ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns <= 2.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting MEDIUM (6.4) The ZoloBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple Gutenberg blocks in versions up to, and including, 2.3.10. This is due to insufficient input sanitization and output escaping on user-supplied attributes within multiple block components including Google Maps markers, Lightbox captions, Image Gallery data attributes, Progress Pie prefix/suffix fields, and Text Path URL fields. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: 2025-10-01T03:25:23.865Z Updated: 2026-04-08T16:54:35.412Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/5860d456-a992-4816-8c93-7311c33734e4?source=cve https://plugins.trac.wordpress.org/browser/zoloblocks/tags/2.3.3/build/blocks/google-map/frontend.js#L1 https://plugins.trac.wordpress.org/browser/zoloblocks/tags/2.3.3/build/blocks/image-gallery/frontend.js#L1 https://plugins.trac.wordpress.org/browser/zoloblocks/tags/2.3.3/build/blocks/progress-pie/frontend.js#L1 https://plugins.trac.wordpress.org/browser/zoloblocks/tags/2.3.3/build/blocks/text-path/frontend.js#L1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-12134`	vulnerable	2026-06-03 14:58:43.865628	ZoloBlocks <= 2.3.11 - Missing Authorization to Unauthenticated Popup Enable/Disable MEDIUM (5.3) The ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_popup_status() function in all versions up to, and including, 2.3.11. This makes it possible for unauthenticated attackers to enable/disable popups. Published: 2025-10-24T09:23:31.083Z Updated: 2026-04-08T17:27:21.785Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/da9f89a2-f816-4445-8aea-11b622451ee9?source=cve https://plugins.trac.wordpress.org/changeset/3377160	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Zoloblocks – Gutenberg Block Editor Plugin With Advanced Blocks, Dynamic Content, Templates & Patterns

PURL mappings

Vulnerability references

Contribute