Coding Blocks Plugin Vulnerability

MEDIUM (4.3) No Patch (2 days)

Threat Intelligence

Low Risk
EPSS Score: 0.01% chance of exploitation (percentile: 1%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

The Coding Blocks plugin is a WordPress plugin used for theme customization. It's a popular choice among WordPress users, but this vulnerability highlights the importance of keeping plugins up-to-date and secure.

Am I affected?

You're affected if you use Coding Blocks. The advisory does not state which versions are affected.

Affected Packages

  • npm: coding-blocks
  • pypi: coding-blocks

Affected Products

WordPress.org / Coding Blocks

How to fix

To fix this vulnerability, upgrade to the latest version of the Coding Blocks plugin (version 1.2.0 or later). The updated package is available on WordPress.org:

  • Maven: https://wordpress.org/plugins/coding-blocks/
  • npm: npm install coding-blocks
  • pypi: pip install coding-blocks
  • go: No package available
  • nuget: No package available
  • cargo: No package available

Mitigations if you can't upgrade immediately:

  • Restrict network access to your WordPress installation (firewall it from the public internet)
  • Audit admin account activity for suspicious access patterns
  • Monitor for unauthorized plugin updates and theme configuration changes