WordPress Plugin Vulnerabilities

B Blocks < 2.0.7 - Missing Authorization to Unauthenticated Privilege Escalation via rgfr_registration Function

Description

The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfr_registration() function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to create a new account and assign it the administrator role.

Affects Plugins

Fixed in 2.0.7

References

Classification

Type
NO AUTHORISATION
CWE

Miscellaneous

Original Researcher
Peter Thaleikis
Verified
No

Timeline

Publicly Published
2025-08-11 (about 10 months ago)
Added
2025-08-11 (about 10 months ago)
Last Updated
2025-08-12 (about 10 months ago)

Other