CVE-2026-3454

MEDIUM 6.5

GenerateBlocks <= 2.2.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via Dynamic Tag Replacements

CVSS Score

6.5

EPSS Score

0.0%

EPSS Percentile

0th

The GenerateBlocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.0. This is due to missing object-level authorization checks in the /wp-json/generateblocks/v1/dynamic-tag-replacements REST endpoint. The endpoint only verifies that the user has the edit_posts capability but does not verify the user has permission to access the specific post or its associated data referenced by attacker-controlled id parameters in dynamic tag content. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive information from arbitrary posts including author email addresses and non-protected post meta values by crafting dynamic tag payloads such as {{post_meta id:<target>|key:<meta_key>}} and {{post_title id:<target>|link:author_email}}.

CWE	CWE-639
Vendor	edge22
Product	generateblocks
Published	May 5, 2026

Stay Ahead of the Next One

Get instant alerts for edge22 generateblocks

Be the first to know when new medium vulnerabilities affecting edge22 generateblocks are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

edge22 / GenerateBlocks

0 ≤ 2.2.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

Credits

Supanat Konprom