GCVE - cpe:2.3:a:themehunk:vayu_blocks_–_gutenberg_blocks_for_wordpress_&

Approved changes feed: RSS · Atom

cpe:2.3:a:themehunk:vayu_blocks_–_gutenberg_blocks_for_wordpress_&_woocommerce:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Themehunk (`b3cb38a5-b275-5673-a051-0d6ce3409958`)
Product	Vayu Blocks – Gutenberg Blocks For Wordpress & Woocommerce (`b90ae235-fcd4-5e37-b5df-0f8dfd8931b4`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-2568`	vulnerable	2026-06-03 15:00:25.911414	Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce 1.0.4 - 1.2.1 - Missing Authorization to Unauthenticated Limited Arbitrary Options Update MEDIUM (5.3) The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the 'vayu_blocks_get_toggle_switch_values_callback' and 'vayu_blocks_save_toggle_switch_callback' function in versions 1.0.4 to 1.2.1. This makes it possible for unauthenticated attackers to read plugin options and update any option with a key name ending in '_value'. Published: 2025-04-08T11:11:30.860Z Updated: 2025-04-08T13:01:03.193Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/27ca93a1-3dfc-4bbd-834a-1c04d9e22ebf?source=cve https://plugins.trac.wordpress.org/browser/vayu-blocks/trunk/inc/function.php#L126 https://plugins.trac.wordpress.org/browser/vayu-blocks/trunk/inc/function.php#L133 https://plugins.trac.wordpress.org/browser/vayu-blocks/trunk/inc/function.php#L139 https://plugins.trac.wordpress.org/browser/vayu-blocks/trunk/inc/function.php#L182	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-22644`	vulnerable	2026-06-03 14:59:41.039779	WordPress Vayu Blocks – Gutenberg Blocks plugin <= 1.4.7 - Cross Site Scripting (XSS) vulnerability MEDIUM (6.5) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHunk Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce vayu-blocks allows Stored XSS.This issue affects Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce: from n/a through <= 1.4.7. Published: 2025-03-27T15:11:02.873Z Updated: 2026-04-28T16:11:02.886Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/vayu-blocks/vulnerability/wordpress-vayu-blocks-gutenberg-blocks-plugin-1-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Vayu Blocks – Gutenberg Blocks For Wordpress & Woocommerce

PURL mappings

Vulnerability references

Contribute