CVE-2025-58968
BaseFortify
Publication date: 2025-09-22
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | maxi_blocks | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-58968 is a Broken Access Control vulnerability in the WordPress MaxiBlocks Plugin up to version 2.1.3. It occurs due to missing authorization, authentication, or nonce token checks in certain plugin functions, which allows users with contributor-level privileges to perform actions that should be restricted to higher-privileged roles. This means that the plugin incorrectly enforces access control, enabling unauthorized actions by less privileged users. [1]
How can this vulnerability impact me? :
This vulnerability can allow users with contributor-level access to perform actions reserved for higher-privileged roles, potentially leading to unauthorized changes or control within the WordPress site. Although the severity is considered low (CVSS score 5.0) and exploitation likelihood is low, it could still result in unauthorized modifications or misuse of the plugin's functionality. Users are advised to update to version 2.1.4 or later to fix the issue. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking the version of the MaxiBlocks WordPress plugin installed on your system. If the version is 2.1.3 or earlier, it is vulnerable. Since the vulnerability arises from missing authorization checks in plugin functions, monitoring for unauthorized actions performed by contributor-level users may help. However, plugin-based malware scanners may be unreliable for detection. Patchstack offers virtual patching that can auto-mitigate the vulnerability and may include detection capabilities. Specific commands are not provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the MaxiBlocks WordPress plugin to version 2.1.4 or later, where the issue is fixed. As an interim mitigation, Patchstack offers virtual patching (vPatching) that auto-mitigates the vulnerability even before official patches are applied. Additionally, if your site is compromised, it is advised to seek professional incident response. Due to the low severity and exploitation likelihood, patch priority is low but updating remains the recommended action. [1]