CVE-2025-53284
BaseFortify
Publication date: 2025-06-27
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Broken Access Control issue in the WordPress CMS Blocks plugin (version 1.1 and earlier). It occurs due to missing authorization, authentication, or nonce token checks in certain functions, which allows users with Contributor-level privileges to perform actions that should be restricted to higher privilege levels. [1]
How can this vulnerability impact me? :
The vulnerability can allow unprivileged users (with Contributor privileges) to perform unauthorized actions within the CMS Blocks plugin, potentially leading to unauthorized changes or access to sensitive content. Although the CVSS score is 6.5 indicating moderate severity, the likelihood of exploitation is considered low. There is no official patch yet, but virtual patching is available as a mitigation. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for unauthorized actions performed by users with Contributor-level privileges or lower, as the vulnerability allows such users to perform higher privilege actions due to missing authorization checks. Since no specific detection commands are provided, it is recommended to audit access logs for unusual activity related to CMS Blocks plugin functions and monitor for unexpected privilege escalations. Additionally, monitoring for attempts to exploit broken access control in the CMS Blocks plugin could be done by inspecting HTTP requests targeting plugin endpoints for unauthorized access patterns. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) offered by Patchstack, which provides automatic protection against this vulnerability even without an official patch. Users should also monitor for updates from the plugin developer, restrict Contributor-level user privileges where possible, and seek professional incident response if a compromise is suspected. [1]