What the vulnerability does
Description
Missing Authorization vulnerability in nK Lazy Blocks lazy-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Lazy Blocks: from n/a through <= 4.1.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Explanation of Vulnerability in Simple Terms
Lazy Blocks versions 4.1.0 and earlier lack proper authorization checks, allowing authenticated users with low privileges to access sensitive information they should not be able to view. An attacker with a basic user account can read data that should be restricted to administrators or higher-privileged roles. The vulnerability affects the plugin's core functionality and requires an active user account to exploit.
What an attacker can do
Read sensitive data restricted to higher-privilege users.
Potential impact on your site
Unauthorized users can access restricted information; review user permissions and audit access logs.
Conditions required to exploit
Attacker must have a low-privilege user account on the site.