PT-2025-32623 · WordPress · B Blocks

Peter Thaleikis · Published 2025-08-12 · Updated 2025-08-17 · CVE-2025-8059

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: B Blocks plugin for WordPress versions prior to 2.0.7
Description: The B Blocks plugin for WordPress is susceptible to privilege escalation due to missing authorization and improper input validation within the rgfr_registration() function. This allows unauthenticated attackers to create a new account and assign it the administrator role.
Recommendations: Update the B Blocks plugin to version 2.0.7 or later.

Fix

LPE

Missing Authorization


Weakness Enumeration

Related Identifiers

CVE-2025-8059

Affected Products

B Blocks