Vulnerabilities > CVE-2025-22787 - Missing Authorization vulnerability in Bplugins Button Block

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

bplugins

CWE-862

NVD

Published: 2025-01-15

Updated: 2025-02-25

Summary

Missing Authorization vulnerability in bPlugins LLC Button Block allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Button Block: from n/a through 1.1.5.

Vulnerable Configurations

Part	Description	Count
Application	Bplugins Bplugins Button Block 1.0.0 Bplugins Button Block 1.0.1 Bplugins Button Block 1.0.2 Bplugins Button Block 1.0.3 Bplugins Button Block 1.0.4 Bplugins Button Block 1.0.5 Bplugins Button Block 1.0.6 Bplugins Button Block 1.0.7 Bplugins Button Block 1.0.8 Bplugins Button Block 1.0.9 Bplugins Button Block 1.1.0 Bplugins Button Block 1.1.1	12

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://patchstack.com/database/wordpress/plugin/button-block/vulnerability/wordpress-button-block-plugin-1-1-5-broken-access-control-vulnerability?_s_id=cve