CVE-2025-8059: 
WordPress vulnerability analysis and mitigation

The B Blocks plugin for WordPress contains a Privilege Escalation vulnerability (CVE-2025-8059) discovered on August 12, 2025. The vulnerability affects all versions up to and including 2.0.6, and is caused by missing authorization and improper input validation within the rgfr_registration() function. This security flaw enables unauthenticated attackers to create new accounts with administrator privileges (NVD).

The vulnerability stems from improper authorization checks and input validation in the rgfr_registration() function located in the RegisterForm.php file. The issue has been assigned a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a critical severity level. The vulnerability is classified under CWE-862 (Missing Authorization) (NVD, Wordfence).

The vulnerability allows unauthenticated attackers to create new administrator accounts on affected WordPress installations. This level of access could lead to complete site compromise, as administrator accounts have full control over WordPress installations, including the ability to modify site content, install or remove plugins and themes, and access sensitive information (NVD).

Users should immediately update the B Blocks plugin to a version newer than 2.0.6 when available. Until a patch is released, it is recommended to either disable the plugin or implement additional security controls at the web application firewall level to restrict access to the registration functionality (NVD).