
CVE-2025-12134: CWE-862 Missing Authorization in bdthemes ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns

Medium
Published: Fri Oct 24 2025 (10/24/2025, 09:23:31 UTC)
Source: CVE Database V5
Vendor/Project: bdthemes
Product: ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns

Description

The ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_popup_status() function in all versions up to, and including, 2.3.11. This makes it possible for unauthenticated attackers to enable/disable popups.

AI-Powered Analysis

AI analysis last updated: 10/24/2025, 09:35:13 UTC

Technical Analysis

CVE-2025-12134 affects the ZoloBlocks – Gutenberg Block Editor Plugin by bdthemes for WordPress, which adds advanced blocks, dynamic content, templates and patterns to the Gutenberg editor. The flaw is a missing authorization check (CWE-862) on the plugin's update_popup_status() function: the handler changes the enabled/disabled state of a popup without first verifying that the caller holds a capability that permits the change. Because the function can be reached without authenticating, any remote client can flip popups on or off on a site running any version up to and including 2.3.11.

Exploitation needs no privileges and no user interaction and is reachable over the network, which is what the reported CVSS v3.1 base score of 5.3 (medium) reflects: no confidentiality or availability impact, but a low integrity impact. The practical effect is bounded by what the function does. An attacker can only toggle the status of popups that already exist; this flaw does not let them create a popup or edit its contents. It is still an integrity problem: a popup the site owner deliberately disabled (a stale promotion, a draft, an old announcement) can be re-surfaced, and a popup the owner relies on (a notice or prompt) can be silently suppressed, which undermines trust in the site and can complement other manipulation attempts.

At the time of this analysis no patch or fixed version is noted in the record, and no exploitation in the wild is known. The issue was published on October 24, 2025, with Wordfence as the assigning CNA.
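The shape of a CWE-862 bug in a WordPress AJAX handler, as an added illustration that is not the ZoloBlocks plugin's code: the hook names, nonce action, request parameters, post type and the '_popup_status' meta key below are hypothetical. The insecure handler mirrors what the description reports (a status-toggling function with no capability check, reachable without login); the hardened version shows the fix WordPress expects: do not register the handler on wp_ajax_nopriv_, verify a nonce against CSRF, and check current_user_can() for the specific post. A REST variant with permission_callback follows, since the same class of bug appears when that callback is set to __return_true. Note that a nonce alone does not fix a missing-authorization bug: nonces prove a request originated from a page the server rendered for this user, not that the user is allowed to perform the action.

```php
<?php
/**
 * Added illustration of CWE-862 in a WordPress AJAX handler.
 * Not the ZoloBlocks code: hook names, nonce action, request
 * parameters, the 'zolo_popup' post type and the '_popup_status'
 * meta key are hypothetical.
 */

/* ---- Vulnerable shape: reachable by anyone, no authorization ---- */

// Registering on wp_ajax_nopriv_* makes the handler callable without a login.
add_action( 'wp_ajax_nopriv_zolo_update_popup_status', 'zolo_update_popup_status_insecure' );
add_action( 'wp_ajax_zolo_update_popup_status',        'zolo_update_popup_status_insecure' );

function zolo_update_popup_status_insecure() {
	$post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
	$status  = isset( $_POST['status'] ) ? sanitize_key( $_POST['status'] ) : '';

	// Input is sanitized, but nobody asked whether the caller may do this.
	update_post_meta( $post_id, '_popup_status', $status );
	wp_send_json_success();
}

/* ---- Hardened shape: authenticated, CSRF-checked, capability-checked ---- */

// No wp_ajax_nopriv_ registration: admin-ajax.php answers unauthenticated
// requests for this action with "0" and HTTP 400 before the handler runs.
add_action( 'wp_ajax_zolo_update_popup_status', 'zolo_update_popup_status_secure' );

function zolo_update_popup_status_secure() {
	// CSRF: the nonce proves the request came from a page WordPress rendered
	// for this user. It does NOT prove the user is allowed to change popups.
	check_ajax_referer( 'zolo_popup_status', 'nonce' );

	$post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;

	// Authorization (the CWE-862 fix): the caller must be able to edit this
	// specific popup post. 'edit_post' is a meta capability, so it resolves
	// per post: authors pass for their own posts, editors and admins for all.
	if ( ! $post_id
		|| 'zolo_popup' !== get_post_type( $post_id )
		|| ! current_user_can( 'edit_post', $post_id ) ) {
		wp_send_json_error( array( 'message' => 'forbidden' ), 403 ); // exits
	}

	$status = isset( $_POST['status'] ) ? sanitize_key( $_POST['status'] ) : '';
	if ( ! in_array( $status, array( 'enabled', 'disabled' ), true ) ) {
		wp_send_json_error( array( 'message' => 'invalid status' ), 400 ); // exits
	}

	update_post_meta( $post_id, '_popup_status', $status );
	wp_send_json_success( array( 'post_id' => $post_id, 'status' => $status ) );
}

// The nonce the secure handler expects is handed to the (hypothetical)
// 'zolo-popup-admin' script, which must be registered/enqueued elsewhere.
add_action( 'admin_enqueue_scripts', function () {
	wp_localize_script( 'zolo-popup-admin', 'zoloPopup', array(
		'ajaxUrl' => admin_url( 'admin-ajax.php' ),
		'nonce'   => wp_create_nonce( 'zolo_popup_status' ),
	) );
} );

/* ---- Same control on a REST route: permission_callback does the check ---- */

add_action( 'rest_api_init', function () {
	register_rest_route( 'zolo/v1', '/popup/(?P<id>\d+)/status', array(
		'methods'  => 'POST',
		'callback' => function ( WP_REST_Request $req ) {
			$status = sanitize_key( $req->get_param( 'status' ) );
			if ( ! in_array( $status, array( 'enabled', 'disabled' ), true ) ) {
				return new WP_Error( 'invalid_status', 'invalid status', array( 'status' => 400 ) );
			}
			update_post_meta( (int) $req['id'], '_popup_status', $status );
			return rest_ensure_response( array( 'status' => $status ) );
		},
		// '__return_true' here would reproduce the missing-authorization bug.
		'permission_callback' => function ( WP_REST_Request $req ) {
			return current_user_can( 'edit_post', (int) $req['id'] );
		},
	) );
} );
```

When reviewing a fixed release, look for exactly these two changes around the status-toggling function: the nopriv registration gone (or a permission_callback that is not __return_true) and a current_user_can() check on the target post, not just a nonce check.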

Potential Impact

For European organizations the risk is bounded but real. Popups on WordPress sites are commonly used for marketing, notifications and, on some sites, notices that visitors are expected to see. An unauthenticated attacker who can toggle them can suppress a popup the site relies on or re-enable one that was deliberately retired, disrupting communications and presenting visitors with a misleading state; where such a popup is part of a consent or information flow, an unexplained change may draw GDPR scrutiny. The flaw does not let the attacker author popup content, so it does not by itself deliver malicious content; the concern is the integrity of the site's presentation and the trust that depends on it. WordPress is widely deployed across Europe, particularly in small and medium enterprises and public-sector sites, so the exposed population is large, and the absence of any authentication requirement makes the flaw a natural candidate for automated mass scanning and toggling. No data breach or service disruption is implied, but an integrity compromise of this kind can complement social engineering campaigns aimed at European users.

Mitigation Recommendations

1. Watch for a fixed release from bdthemes and update as soon as one is available. The record lists all versions up to and including 2.3.11 as affected, so confirm from the vendor's changelog that a newer version actually addresses update_popup_status() before treating it as fixed.
2. Until then, reduce exposure. Restricting wp-admin to known IP ranges or a VPN is generally safe; restricting admin-ajax.php or the REST API by IP usually is not, because unauthenticated front-end features (forms, search, block rendering) depend on them and will break. Apply such a restriction only after confirming which endpoint the vulnerable function is exposed on.
3. If you run a WAF, add a rule for the specific AJAX action or REST route that reaches update_popup_status(). This page does not name that endpoint, so read it from the plugin source rather than guessing; a rule matched against the PHP function name will never fire, because the function name does not appear in HTTP traffic.
4. Audit active plugins and remove any that are unused. Every unauthenticated handler a plugin registers is attack surface, whether or not it is currently known to be vulnerable.
5. Brief site administrators: popups that appear or disappear without anyone having changed them are a signal worth investigating rather than a glitch.
6. If the plugin is not essential to the site, deactivate it until a fix is released, or replace it.
7. Review web server logs for bursts of unauthenticated POST requests to the endpoint identified in step 3, and correlate popup status changes with administrator sessions; a change with no matching logged-in session is a likely exploitation attempt.


Technical Details

Data Version
5.1
Assigner Short Name
Wordfence
Date Reserved
2025-10-23T20:51:09.503Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68fb482ec8f3a4177c4fd797

Added to database: 10/24/2025, 9:34:38 AM

Last enriched: 10/24/2025, 9:35:13 AM

Last updated: 10/24/2025, 11:07:28 PM
