CVE-2025-8059
BaseFortify
Publication date: 2025-08-12
Last updated on: 2025-08-12
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bplugins | b_blocks | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the B Blocks WordPress plugin allows unauthenticated attackers to create a new user account and assign it the administrator role due to missing authorization and improper input validation in the rgfr_registration() function. This is a privilege escalation vulnerability affecting all versions up to and including 2.0.6.
How can this vulnerability impact me? :
This vulnerability can have a severe impact as it allows attackers without any authentication to gain administrator privileges on a WordPress site using the B Blocks plugin. This can lead to full site compromise, including control over content, user data, and site configuration, potentially resulting in data loss, defacement, or further attacks.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update the B Blocks WordPress plugin to version 2.0.7 or later, as this version was released after the vulnerability was identified. Avoid using versions up to and including 2.0.6. Additionally, review user accounts for unauthorized administrator accounts and remove any suspicious ones. [2]