Vulnerabilities and security researches forb-blocks b-blocks
Direction: descendingAug 12, 2025
B Blocks – The ultimate block collection # CVE-2025-8059
- CVE, Research URL
- Application
- Date
- Aug 12, 2025
- Research Description
- The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfr_registration() function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to create a new account and assign it the administrator role.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Apr 06, 2025
B Blocks – The ultimate block collection # CVE-2025-32173
- CVE, Research URL
- Application
- Date
- Apr 04, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins B Blocks - The ultimate block collection allows Stored XSS. This issue affects B Blocks - The ultimate block collection: from n/a through 2.0.0.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jun 07, 2024
B Blocks – The ultimate block collection # ca74bacceb60973eeb228d127379636c61208cb5
- CVE, Research URL
- Application
- Date
- Jul 18, 2023
- Research Description
- B Blocks – The ultimate block collection [b-blocks] < 1.7.8 WordPress B Blocks - The ultimate block collection Plugin < 1.7.8 is vulnerable to Cross Site Scripting (XSS) Update the plugin to the latest version. Rafie Muhammad (Patchstack) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress B Blocks - The ultimate block collection Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 1.7.8.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable