CVE-2025-47601
published 2025-06-07CVE-2025-47601: Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks maxi-blocks allows Privilege Escalation.This issue affects MaxiBlocks: from n/a through…
PriorityP275high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
0.28%
19.4th percentile
Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks maxi-blocks allows Privilege Escalation.This issue affects MaxiBlocks: from n/a through <= 2.1.0.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| christiaan_pieterse | maxiblocks | <= 2.1.0 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-fvwj-582j-236v: Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks allows Privilege Escalation
ghsa_unreviewed·2025-06-07
CVE-2025-47601 [HIGH] CWE-862 GHSA-fvwj-582j-236v: Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks allows Privilege Escalation
Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks allows Privilege Escalation.This issue affects MaxiBlocks: from n/a through 2.1.0.
VulnCheck
Missing Authorization
vulncheck·2025
CVE-2025-47601 Missing Authorization
Missing Authorization
Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks maxi-blocks allows Privilege Escalation.This issue affects MaxiBlocks: from n/a through <= 2.1.0.
Affected: Christiaan Pieterse MaxiBlocks
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://patchstack.com/database/wordpress/plugin/maxi-blocks/vulnerability/wordpress-maxiblocks-plugin-2-1-0-arbitrary-option-update-to-privilege-escalation-vulnerability; https://www.cve.org/CVERecord?id=CVE-2025-47601
No detection rules found.
No public exploits indexed.
2025-06-07
Published
Exploited in the wild