Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Lifecycle Timeline
4DescriptionCVE.org
Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Blocks: from n/a through < 2.0.30.
AnalysisAI
Improper access control in bPlugins B Blocks versions prior to 2.0.30 allows unauthenticated remote attackers to modify data and degrade system availability through misconfigured security levels. The vulnerability requires no user interaction and can be exploited over the network, affecting the integrity and availability of affected installations.
Technical ContextAI
The vulnerability stems from CWE-862 (Missing Authorization), a weakness in access control implementation within the B Blocks plugin for WordPress (cpe:2.3:a:bplugins:b_blocks:*:*:*:*:*:*:*:*). B Blocks is a WordPress plugin that provides reusable block components and content building functionality. The root cause involves improperly configured or missing authorization checks that fail to enforce privilege separation and role-based access control. Rather than a cryptographic or protocol-level flaw, this is an application logic defect where the plugin fails to validate user permissions before granting access to sensitive operations or data. The vulnerability affects all versions from an unspecified baseline through version 2.0.29, suggesting the issue was present across a broad version range until remediated in 2.0.30.
RemediationAI
Immediately upgrade B Blocks to version 2.0.30 or later through the WordPress plugin update mechanism or by manually downloading the patched version from the official bPlugins repository. Before patching, verify that your WordPress installation is fully backed up. If immediate patching is not feasible, implement network-level access restrictions to limit exposure of the affected WordPress installation to trusted IP addresses or behind a Web Application Firewall (WAF) configured to restrict access to plugin functionality. Additionally, audit user roles and capabilities within WordPress to ensure least-privilege principles are enforced, and consider temporarily disabling the B Blocks plugin if it is not actively in use. Monitor WordPress audit logs and plugin activity for any signs of unauthorized access exploitation while awaiting patch deployment.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-15831
GHSA-j2xj-f4v6-7rwg