VYPR

B Blocks

by WordPress

Source repositories

CVEs (8)

  • CVE-2026-39579HigJun 15, 2026
    risk 0.57cvss 8.8epss 0.00

    Contributor Privilege Escalation in B Blocks <= 2.0.31 versions.

  • CVE-2025-8059CriAug 12, 2025
    risk 0.57cvss 9.8epss 0.00

    The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfr_registration() function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to create…

  • CVE-2026-5820MedApr 22, 2026
    risk 0.42cvss 6.4epss 0.00

    The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 1.0.6. This is due to the front-end TOC rendering script reading heading text via `innerText` and inserting it into the page…

  • CVE-2026-32489MedMar 25, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Blocks: from n/a through < 2.0.30.

  • CVE-2025-54708MedAug 14, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins B Blocks b-blocks allows DOM-Based XSS.This issue affects B Blocks: from n/a through <= 2.0.5.

  • CVE-2025-32173MedApr 4, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins B Blocks b-blocks allows Stored XSS.This issue affects B Blocks: from n/a through <= 2.0.0.

  • CVE-2023-44262MedOct 2, 2023
    risk 0.38cvss 5.9epss 0.00

    Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Renzo Johnson Blocks plugin <= 1.6.41 versions.

  • CVE-2022-0448MedMar 7, 2022
    risk 0.35cvss 4.8epss 0.06

    The CP Blocks WordPress plugin before 1.0.15 does not sanitise and escape its "License ID" settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.