cleantalk
Vulnerabilities and Security Researches

B Blocks – The ultimate block collection, CVE-2025-8059

CVE, Research URL

CVE-2025-8059

Home page URL

Security reports for B Blocks – The ultimate block collection

Application

B Blocks – The ultimate block collection

Published on
Aug 12, 2025
Research Description
The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfr_registration() function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to create a new account and assign it the administrator role.
Affected versions
Min -, max 2.0.7.
Status
vulnerable
Previous vulnerability researches
BuddyPress XProfile Custom Image Field (CVE-2025-48158) , Aug 04, 2025
New vulnerability
RentSyst – CRM solution for fleet management (CVE-2025-48152) , Aug 12, 2025
Mosaic Generator (CVE-2025-8621) , Aug 12, 2025
B Slider – Slider for your block editor (CVE-2025-8418) , Aug 12, 2025
AnWP Football Leagues (CVE-2025-8767) , Aug 12, 2025
User Language Switch (CVE-2025-49064) , Aug 12, 2025