CVE-2025-12512: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in edge22 GenerateBlocks
The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing object-level authorization checks in versions up to, and including, 2.1.2. This is due to the plugin registering multiple REST API routes under `generateblocks/v1/meta/` that gate access with `current_user_can('edit_posts')`, which is granted to low-privileged roles such as Contributor. The handlers accept arbitrary entity IDs (user IDs, post IDs, etc.) and meta keys, returning any requested metadata with only a short blacklist of password-like keys for protection. There is no object-level authorization ensuring the caller is requesting only their own data, and there is no allowlist of safe keys. This makes it possible for authenticated attackers, with Contributor-level access and above, to exfiltrate personally identifiable information (PII) and other sensitive profile data of administrator accounts or any other users by directly querying user meta keys via the exposed endpoints via the `get_user_meta_rest` function. In typical WordPress + WooCommerce setups, this includes names, email, phone, and address fields that WooCommerce stores in user meta, enabling targeted phishing, account takeover pretexting, and privacy breaches.
AI Analysis
Technical Summary
The GenerateBlocks plugin for WordPress registers REST API endpoints under generateblocks/v1/meta/ that require only the 'edit_posts' capability, which includes low-privileged roles like Contributor. These endpoints accept arbitrary entity IDs and meta keys and return corresponding metadata without verifying that the requester is authorized to access that specific object's data. A minimal blacklist excludes some password-like keys, but no allowlist or object-level authorization exists. Consequently, authenticated users can retrieve sensitive metadata of other users, including administrators, potentially exposing PII stored in user meta fields such as those used by WooCommerce. This vulnerability is classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) and has a CVSS 3.1 base score of 4.3 (medium severity).
Potential Impact
Authenticated users with Contributor-level permissions or higher can access sensitive metadata of other users, including administrators, without proper authorization checks. This exposure includes personally identifiable information such as names, emails, phone numbers, and addresses, which can facilitate targeted phishing attacks, account takeover attempts, and privacy violations. The vulnerability does not impact system integrity or availability but compromises confidentiality of user data.
Mitigation Recommendations
No official patch or fix is currently documented for this vulnerability. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, it is recommended to restrict Contributor-level access where possible and monitor for updates from the GenerateBlocks plugin vendor. Avoid exposing the vulnerable REST API endpoints to untrusted users. Consider applying custom code to enforce object-level authorization on these endpoints if feasible.
CVE-2025-12512: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in edge22 GenerateBlocks
Description
The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing object-level authorization checks in versions up to, and including, 2.1.2. This is due to the plugin registering multiple REST API routes under `generateblocks/v1/meta/` that gate access with `current_user_can('edit_posts')`, which is granted to low-privileged roles such as Contributor. The handlers accept arbitrary entity IDs (user IDs, post IDs, etc.) and meta keys, returning any requested metadata with only a short blacklist of password-like keys for protection. There is no object-level authorization ensuring the caller is requesting only their own data, and there is no allowlist of safe keys. This makes it possible for authenticated attackers, with Contributor-level access and above, to exfiltrate personally identifiable information (PII) and other sensitive profile data of administrator accounts or any other users by directly querying user meta keys via the exposed endpoints via the `get_user_meta_rest` function. In typical WordPress + WooCommerce setups, this includes names, email, phone, and address fields that WooCommerce stores in user meta, enabling targeted phishing, account takeover pretexting, and privacy breaches.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The GenerateBlocks plugin for WordPress registers REST API endpoints under generateblocks/v1/meta/ that require only the 'edit_posts' capability, which includes low-privileged roles like Contributor. These endpoints accept arbitrary entity IDs and meta keys and return corresponding metadata without verifying that the requester is authorized to access that specific object's data. A minimal blacklist excludes some password-like keys, but no allowlist or object-level authorization exists. Consequently, authenticated users can retrieve sensitive metadata of other users, including administrators, potentially exposing PII stored in user meta fields such as those used by WooCommerce. This vulnerability is classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) and has a CVSS 3.1 base score of 4.3 (medium severity).
Potential Impact
Authenticated users with Contributor-level permissions or higher can access sensitive metadata of other users, including administrators, without proper authorization checks. This exposure includes personally identifiable information such as names, emails, phone numbers, and addresses, which can facilitate targeted phishing attacks, account takeover attempts, and privacy violations. The vulnerability does not impact system integrity or availability but compromises confidentiality of user data.
Mitigation Recommendations
No official patch or fix is currently documented for this vulnerability. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, it is recommended to restrict Contributor-level access where possible and monitor for updates from the GenerateBlocks plugin vendor. Avoid exposing the vulnerable REST API endpoints to untrusted users. Consider applying custom code to enforce object-level authorization on these endpoints if feasible.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Wordfence
- Date Reserved
- 2025-10-30T15:01:41.942Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 693ce0d37c4acd10e84d9254
Added to database: 12/13/2025, 3:43:15 AM
Last enriched: 4/9/2026, 4:12:58 PM
Last updated: 5/9/2026, 11:57:33 PM
Views: 95
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.