anonhaven
Ad

CVE-2025-22787

HIGH CVSS 3.1: 8.8 EPSS 0.21%
Updated Feb 25, 2025
Bplugins
Parameter Value
CVSS 8.8 (HIGH)
Affected Versions before 1.1.6
Fixed In 1.1.6
Type CWE-862 (Missing Authorization)
Vendor Bplugins
Public PoC No

Missing Authorization vulnerability in bPlugins LLC Button Block allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Button Block: from n/a through 1.1.5.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
Low
Basic privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-862 Missing Authorization

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Bplugins Button_Block
cpe:2.3:a:bplugins:button_block:*:*:*:*:*:wordpress:*:*
 1.1.6

References 1

https://patchstack.com/database/wordpress/plugin/button-block/vulnerability/wor…
audit@patchstack.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-4120

Bplugins

6.4

CVE-2025-22815

Bplugins

5.4