CVE-2025-54733
BaseFortify
Publication date: 2025-08-28
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| areoi | all_bootstrap_blocks | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-54733 is a Broken Access Control vulnerability in the WordPress All Bootstrap Blocks Plugin (versions up to 1.3.28). It occurs because of missing authorization, authentication, or nonce token checks in certain functions, allowing unauthenticated users to perform actions that normally require higher privileges. This means attackers can exploit incorrectly configured access control security levels to carry out unauthorized actions. [1]
How can this vulnerability impact me?
This vulnerability can allow attackers to perform unauthorized actions on your WordPress site without needing to authenticate. This can lead to potential manipulation or disruption of site functionality, data integrity issues, and possible service availability problems. Since the vulnerability has a CVSS score of 6.5, it poses a moderate risk and may be exploited opportunistically by automated attacks against unpatched sites. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying attempts by unauthenticated users to perform privileged actions on the All Bootstrap Blocks plugin (versions up to 1.3.28). Since the vulnerability is due to missing authorization checks, monitoring web server logs for suspicious requests targeting the plugin's endpoints or functions can help. Additionally, professional incident response and server-side malware scanning are recommended for compromise detection, as plugin-based scanners may be unreliable due to potential tampering. Specific commands are not provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the All Bootstrap Blocks plugin to version 1.3.29 or later, where the vulnerability is fixed. Until the update can be applied, users can apply the virtual patch (vPatch) provided by Patchstack to block attacks exploiting this vulnerability. Additionally, using Patchstack's security platform for automatic updates and continuous protection is advised. [1]
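To find installs that still need the update, the following added example (not from the advisory, Patchstack, or the plugin's authors) walks a directory tree, reads the plugin's `Version:` header, and compares it numerically against 1.3.29. The plugin directory name `all-bootstrap-blocks` is an assumption, and the scan root passed on the command line is whatever path holds your WordPress sites.

```python
"""Flag WordPress installs whose All Bootstrap Blocks plugin predates 1.3.29."""
import re
import sys
from pathlib import Path

FIXED = (1, 3, 29)                      # first fixed version, per the page
PLUGIN_DIR = "all-bootstrap-blocks"     # assumed plugin directory name (slug)
HEADER = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.I | re.M)


def parse_version(text):
    """Turn '1.3.28' into (1, 3, 28); anything after the digits is ignored."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def installed_version(plugin_path):
    """Return the version from the first plugin header found, else None."""
    for php in sorted(Path(plugin_path).glob("*.php")):
        head = php.read_text(errors="replace")[:8192]  # headers sit at the top
        m = HEADER.search(head)
        if m and "Plugin Name:" in head:
            return parse_version(m.group(1)) or None
    return None


def is_affected(version):
    """Tuple comparison is numeric, so 1.3.9 < 1.3.28 < 1.3.29 holds."""
    padded = version + (0,) * (len(FIXED) - len(version))
    return padded < FIXED


def scan(root):
    """Yield (plugin_path, version, affected) for every copy under root."""
    for path in Path(root).rglob(f"wp-content/plugins/{PLUGIN_DIR}"):
        version = installed_version(path)
        if version is not None:
            yield str(path), version, is_affected(version)


if __name__ == "__main__":
    for path, version, affected in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        status = "AFFECTED, update to 1.3.29+" if affected else "ok"
        print(f"{path}: {'.'.join(map(str, version))} {status}")
```

Comparing versions as integer tuples avoids the string-comparison trap where "1.3.9" sorts after "1.3.28".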