cbcvebase.
CVE-2025-8059
published 2025-08-12

CVE-2025-8059: The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the…

PriorityP266critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.45%
35.6th percentile
The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfr_registration() function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to create a new account and assign it the administrator role.

Affected

1 ranges
VendorProductVersion rangeFixed in
bpluginsbblocks_essential_gutenberg_blocks_patterns_collection<= 2.0.6
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.