{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32489", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-03-12T11:12:00.509Z", "datePublished": "2026-03-25T16:14:58.411Z", "dateUpdated": "2026-04-29T09:52:00.331Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "b-blocks", "product": "B Blocks", "vendor": "bPlugins", "versions": [{"changes": [{"at": "2.0.30", "status": "unaffected"}], "lessThanOrEqual": "< 2.0.30", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "w41bu1 | Patchstack Bug Bounty Program"}], "datePublic": "2026-03-25T17:12:37.172Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects B Blocks: from n/a through < 2.0.30.</p>"}], "value": "Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Blocks: from n/a through < 2.0.30."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-29T09:52:00.331Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/b-blocks/vulnerability/wordpress-b-blocks-plugin-2-0-30-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress B Blocks plugin < 2.0.30 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-32489", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T16:31:39.621627Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T16:40:29.542Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-32489", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T16:31:39.621627Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T16:31:40.639Z"}}], "cna": {"title": "WordPress B Blocks plugin < 2.0.30 - Broken Access Control vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "w41bu1 | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "bPlugins", "product": "B Blocks", "versions": [{"status": "affected", "changes": [{"at": "2.0.30", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "< 2.0.30"}], "packageName": "b-blocks", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-03-25T17:12:37.172Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/b-blocks/vulnerability/wordpress-b-blocks-plugin-2-0-30-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Blocks: from n/a through < 2.0.30.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects B Blocks: from n/a through < 2.0.30.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-29T09:52:00.331Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32489", "state": "PUBLISHED", "dateUpdated": "2026-04-29T09:52:00.331Z", "dateReserved": "2026-03-12T11:12:00.509Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-25T16:14:58.411Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Blocks: from n/a through < 2.0.30."}, {"lang": "es", "value": "Vulnerabilidad de Autorizaci\u00f3n Faltante en bPlugins B Blocks b-blocks permite la Explotaci\u00f3n de Niveles de Seguridad de Control de Acceso Incorrectamente Configurados. Este problema afecta a B Blocks: desde n/a hasta &lt; 2.0.30."}], "id": "CVE-2026-32489", "lastModified": "2026-04-24T16:35:20.070", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-25T17:16:59.860", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/b-blocks/vulnerability/wordpress-b-blocks-plugin-2-0-30-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.0.30)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "2.0.30"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "B Blocks", "source": "cna", "vendor": "bPlugins"}, "product": "b_blocks", "vendor": "bplugins"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-26T18:57:53.980484+00:00", "value": {"mitigation_remediation": ["Update the B Blocks plugin to version 2.0.30 or newer.", "If an update cannot be performed immediately, disable the plugin or restrict access to its backend to trusted administrators.", "Verify that plugin settings enforce proper access controls and audit permissions regularly.", "Monitor website logs for suspicious access attempts targeting the plugin."], "summary": {"action": "Patch Immediately", "impact": "Unauthorized Access"}, "threat_synthesis": {"affected_systems": "All releases of the B Blocks plugin from bPlugins that are older than version 2.0.30 are vulnerable. This includes every prior release, such as 2.0.29 and earlier, across all WordPress installations that use the plugin.", "description_and_impact": "The vulnerability in the bPlugins B Blocks WordPress plugin is a missing authorization flaw that lets users access functionality they should not see. An attacker could exploit improperly configured security levels to read or modify content, settings, or other protected data, leading to potential breaches of confidentiality and integrity.", "risk_and_exploitability": "The CVSS score of 6.5 indicates moderate severity, and the EPSS score of less than 1% suggests a low likelihood of exploitation, with the vulnerability not listed in the CISA KEV catalog. Based on the description, the likely attack vector is through the plugin\u2019s web interface, where an attacker could send crafted HTTP requests that bypass access controls and gain unauthorized access to protected resources."}}}}, "created": "2026-03-25T21:43:39.300882+00:00", "updated": "2026-03-27T09:31:08.353212+00:00", "vendors": ["bplugins", "bplugins$PRODUCT$b_blocks", "wordpress", "wordpress$PRODUCT$wordpress"]}