CVE-2025-47601
BaseFortify
Publication date: 2025-06-07
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-47601 is a privilege escalation vulnerability in the WordPress MaxiBlocks plugin versions up to 2.1.0. It allows an attacker who already has low-level privileges (at least Contributor role) to arbitrarily update options within the plugin, thereby escalating their privileges to higher levels. This can lead to the attacker gaining full control over the affected WordPress website. The vulnerability is due to missing authorization checks and falls under the OWASP Top 10 category A7: Identification and Authentication Failures. [1]
How can this vulnerability impact me?
This vulnerability can have a severe impact as it allows an attacker with low-level access to escalate their privileges and potentially take full control of the affected WordPress site. This means the attacker could modify site content, install malicious code, steal sensitive data, or disrupt site operations. Since no official patch is available yet, affected sites remain at risk until mitigated by a virtual patch or other protective measures. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are no specific detection commands provided for this vulnerability. However, since the vulnerability requires at least Contributor-level privileges to exploit and involves arbitrary option updates in the MaxiBlocks WordPress plugin (version up to 2.1.0), monitoring for unusual privilege escalations or unauthorized option changes in the WordPress admin area may help detect exploitation attempts. Additionally, using professional incident response services is recommended if compromise is suspected, as plugin-based malware scanners may be unreliable. [1]
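One way to act on that monitoring advice, as an added example that is not BaseFortify's or the MaxiBlocks project's code: a WordPress must-use plugin that records every option write made by a logged-in user below Administrator level, plus any write to a few security-relevant core options. The plugin name, the watch list and the log format are assumptions; it only logs and never blocks, so it cannot break legitimate administration.

```php
<?php
/**
 * Plugin Name: Option Change Audit (added example, hypothetical)
 * Description: Logs option writes by logged-in users lacking manage_options,
 *              and all writes to a few security-relevant core options.
 *              Place in wp-content/mu-plugins/ so it loads before other plugins.
 */

// Assumption: normal option writes from the admin area come from Administrators.
// A write by a Contributor-level account matches the pattern described for
// CVE-2025-47601 (missing authorization check on an option update).
function oca_watched_options() {
    return array( 'default_role', 'users_can_register', 'admin_email', 'active_plugins' );
}

function oca_log_option_write( $option, $event ) {
    $logged_in = is_user_logged_in();
    $low_priv  = $logged_in && ! current_user_can( 'manage_options' );
    $watched   = in_array( $option, oca_watched_options(), true );

    // Cron and WP-CLI have no user; ignore them unless a watched option changed.
    if ( ! $low_priv && ! $watched ) {
        return;
    }

    $user  = $logged_in ? wp_get_current_user() : null;
    $entry = array(
        'time'   => gmdate( 'c' ),
        'event'  => $event,
        'option' => $option,
        'user'   => $user ? $user->user_login : '(none)',
        'roles'  => $user ? implode( ',', $user->roles ) : '',
        'uri'    => isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '',
        'ip'     => isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '',
    );
    // Option values are deliberately not logged: they may contain secrets.
    error_log( 'option-audit ' . wp_json_encode( $entry ) );
}

// updated_option passes ($option, $old_value, $value); added_option passes ($option, $value).
add_action( 'updated_option', function ( $option, $old_value, $value ) {
    oca_log_option_write( $option, 'updated' );
}, 10, 3 );
add_action( 'added_option', function ( $option, $value ) {
    oca_log_option_write( $option, 'added' );
}, 10, 2 );
```

Entries land in the PHP error log (or wherever `error_log` is routed); forward that log to a SIEM and alert on any `option-audit` line whose roles field is not `administrator`.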
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the virtual patch (vPatch) released by Patchstack, which blocks exploitation attempts until an official fix is available. Since no official patch exists yet, using this virtual patch is the recommended rapid protection measure. It is also advised to seek professional incident response services if the website is suspected to be compromised. [1]