CVE-2025-50034
BaseFortify
Publication date: 2025-06-20
Last updated on: 2026-04-28
Assigner: Patchstack
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Missing Authorization (Broken Access Control) issue in the WordPress Enhanced Blocks – Page Builder Blocks for Gutenberg plugin (up to version 1.4.1). It occurs because certain functions lack proper authorization, authentication, or nonce token checks, allowing users with low privileges (Subscriber-level) to perform actions that should be restricted to higher-privileged users. [1]
How can this vulnerability impact me?
The vulnerability allows unprivileged users to perform unauthorized actions, potentially leading to unauthorized modifications or misuse of the plugin's functionality. Although the CVSS score indicates a low severity impact, exploitation can compromise the integrity of the site. Since the plugin is abandoned and unpatched, the risk remains unless mitigated by removal or virtual patching. Automated attacks may target this vulnerability, so prompt action is advised. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking for unauthorized actions performed by users with Subscriber-level privileges that should be restricted to higher-privileged users. Since the vulnerability arises from missing authorization checks in the plugin, monitoring logs for suspicious activity or unauthorized access attempts related to the Enhanced Blocks – Page Builder Blocks for Gutenberg plugin is recommended. Additionally, professional incident response and server-side malware scanning are advised for compromise detection. No specific commands are provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include removing and replacing the vulnerable Enhanced Blocks – Page Builder Blocks for Gutenberg plugin, as no official fix or updated version is available. Deactivating the plugin alone is insufficient unless a virtual patch (vPatch) is applied. Patchstack offers virtual patching that auto-applies security rules to protect sites from exploitation. Prompt action is advised due to the opportunistic nature of automated attacks targeting this vulnerability. [1]