CVE-2025-58968: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was discovered in the WordPress MaxiBlocks plugin, identified as CVE-2025-58968. The vulnerability affects versions through 2.1.3 of the MaxiBlocks plugin and involves broken access control issues that could allow exploiting incorrectly configured access control security levels. The vulnerability was discovered by researcher Abu Hurayra and was publicly disclosed on September 22, 2025 (Patchstack).

The vulnerability is classified as a Missing Authorization issue (CWE-862) with a CVSS v3.1 Base Score of 5.0 (Medium). The vulnerability vector string is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N, indicating that it requires network access, low attack complexity, and low privileges to exploit. No user interaction is required for exploitation (NVD, Patchstack).

The vulnerability allows unprivileged users to execute certain higher privileged actions due to broken access control mechanisms. The impact is considered low severity, with potential confidentiality impacts but no direct integrity or availability compromises (Patchstack).

The vulnerability has been fixed in version 2.1.4 of the MaxiBlocks plugin. Users are advised to update to version 2.1.4 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins as an additional security measure (Patchstack).