Platform
wordpress
Component
block-logic
Fixed in
1.0.9
CVE-2025-2303 is a Remote Code Execution (RCE) vulnerability in the Block Logic – Full Gutenberg Block Display Control plugin for WordPress. It allows authenticated attackers with Contributor-level access or higher to execute arbitrary PHP code on the server. Versions 1.0.0 through 1.0.8 are affected; the fix metadata above lists 1.0.9 as the first fixed release, so update to the latest available version.
Successful exploitation gives the attacker code execution as the web server user, which on a typical installation amounts to complete control of the WordPress site: modifying content, installing malicious plugins or backdoors, reading wp-config.php and the database (user credentials and other sensitive data), and using the host as a pivot into the rest of the network. The impact is aggravated by the low bar for exploitation: Contributor is the lowest role that can create post content in the editor, and Contributor accounts are routinely handed to guest authors and external writers. The root cause is the familiar one in WordPress plugin code-execution flaws: user-controlled input reaches a code-evaluation function without being sanitized or restricted to an allowlist of permitted conditions.
CVE-2025-2303 was publicly disclosed on 2025-03-22. Exploitability is rated medium because a valid account (Contributor or higher) is required. Public proof-of-concept (PoC) code is likely to appear, since the flaw is simple to trigger once an account is available. Monitor security advisories and threat-intelligence feeds for signs of active exploitation campaigns targeting this vulnerability.
Sites running the plugin that have many Contributor-level or higher accounts (multi-author blogs, sites accepting guest posts, sites whose open registration grants the Contributor role) are at the greatest risk. Shared hosting environments where several WordPress sites run under the same system user are also at increased risk, because code execution on one site can reach the files of the others.
• wordpress / plugin: Check the installed version with WP-CLI: wp plugin get block-logic --field=version (anything from 1.0.0 to 1.0.8 is vulnerable; note that wp plugin list prints the slug block-logic, not the display name, so grepping for "Block Logic – Full Gutenberg Block Display Control" will not match).
• wordpress / plugin: Check the plugin version in the WordPress admin dashboard (Plugins page).
• wordpress / plugin: Review stored post content, including drafts and pending posts from Contributor accounts, for Block Logic conditions that contain PHP function calls (eval, system, exec, shell_exec, passthru, file_put_contents and similar). The condition is evaluated by the plugin's block_logic_check_logic function when the post is rendered; web-server access logs only show generic editor and REST API requests, so the database is the better place to look.
• wordpress / plugin: List plugins with a pending update: wp plugin list --update=available.
• wordpress / plugin: Monitor WordPress security plugin alerts for CVE-2025-2303.
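The checks above, as an added example written for this page (it is not code from the advisory or from the Block Logic plugin). It assumes the plugin slug is block-logic and the vulnerable range is 1.0.0 through 1.0.8 as stated above; the list of PHP execution functions it greps for is a generic watchlist, not a signature published for this CVE, the blockLogic attribute name in the sample is assumed, and SAMPLE_POSTS is constructed data rather than an export from a real site.

```shell
#!/bin/sh
# CVE-2025-2303 triage helpers (added example, not plugin or advisory code).
# Assumptions: plugin slug "block-logic"; vulnerable range 1.0.0..1.0.8;
# the PHP function watchlist below is generic; SAMPLE_POSTS is constructed.

# 1. Version check: exit 0 (true) when VERSION is inside 1.0.0..1.0.8.
#    Handles "1.0" (treated as 1.0.0) and suffixes such as "1.0.8-beta".
block_logic_is_vulnerable() {
  v="$1"
  major=${v%%.*}
  rest=${v#*.}
  minor=${rest%%.*}
  patch=${rest#*.}
  patch=${patch%%[!0-9]*}          # "8-beta" -> "8"; "" if absent
  [ "$major.$minor" = "1.0" ] || return 1
  [ "${patch:-0}" -le 8 ]
}

# 2. Live check with WP-CLI, only when wp is on PATH and we are in a WP root.
report_installed_version() {
  command -v wp >/dev/null 2>&1 || { echo "wp-cli not found; skipping live check"; return 0; }
  ver=$(wp plugin get block-logic --field=version 2>/dev/null) || { echo "block-logic not installed"; return 0; }
  if block_logic_is_vulnerable "$ver"; then
    echo "VULNERABLE: block-logic $ver (update to the fixed release)"
  else
    echo "OK: block-logic $ver"
  fi
}

# 3. Content scan. Contributor-supplied post content is the attack surface,
#    so search post_content (all post types and statuses, drafts included)
#    rather than HTTP access logs. One line of output per post content line.
export_post_content() {
  command -v wp >/dev/null 2>&1 || return 0
  wp post list --post_type=any --post_status=any --format=ids \
    | xargs -n1 -I{} wp post get {} --field=post_content
}

SUSPICIOUS_CALLS='(^|[^A-Za-z0-9_])(eval|assert|system|exec|shell_exec|passthru|popen|proc_open|create_function|file_put_contents|base64_decode)[[:space:]]*\('

count_suspicious_logic() {       # $1 = file of exported post content
  grep -Ec "$SUSPICIOUS_CALLS" "$1" || true
}

list_suspicious_logic() {        # $1 = file of exported post content
  grep -En "$SUSPICIOUS_CALLS" "$1" || true
}

# Constructed sample of exported post content (not real site data; the
# "blockLogic" attribute name is assumed for illustration).
SAMPLE_POSTS='ID=12 <!-- wp:paragraph {"blockLogic":"is_user_logged_in()"} --><p>Members only</p>
ID=13 <!-- wp:paragraph {"blockLogic":"system($_GET[\"c\"])"} --><p>x</p>
ID=14 <!-- wp:paragraph --><p>Plain prose that mentions eval in passing.</p>
ID=15 <!-- wp:paragraph {"blockLogic":"file_put_contents(ABSPATH.\"x.php\",$p)"} --><p>y</p>'

# Demo on the constructed sample: expect 2 flagged lines (ID=13 and ID=15).
tmp=$(mktemp)
printf '%s\n' "$SAMPLE_POSTS" > "$tmp"
echo "suspicious lines in sample: $(count_suspicious_logic "$tmp")"
list_suspicious_logic "$tmp"
rm -f "$tmp"
report_installed_version
```

On a live site, run it from the WordPress root as a user that can execute wp, then export_post_content > posts.txt and list_suspicious_logic posts.txt. The grep is deliberately broad (a legitimate condition such as is_user_logged_in() is not flagged, but any call to an execution or file-writing primitive is), so review each hit by post ID and author rather than treating the count as a verdict.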
disclosure
patch
Exploit status
EPSS
1.29% (80th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-2303 is to update the Block Logic – Full Gutenberg Block Display Control plugin to the fixed release (1.0.9 per the metadata above) or, better, to the latest version. If updating is not immediately feasible because of compatibility concerns, deactivate the plugin; if even that is not possible, at least audit and reduce Contributor-and-above accounts, since the flaw is reachable only by authenticated users. A Web Application Firewall (WAF) rule that blocks editor and REST API requests whose block content contains PHP execution functions (eval, system, exec, shell_exec, passthru and similar) can reduce exposure, but it is a stopgap that can be evaded with encoding, not a fix. After updating, verify the patch on a staging copy: save a block whose condition is a harmless marker (for example a call that writes a known file), render the post, and confirm that the input is no longer evaluated.
Update to the fixed release (1.0.9 per the metadata above) or a newer patched version.
CVE-2025-2303 is a Remote Code Execution vulnerability in the Block Logic – Full Gutenberg Block Display Control WordPress plugin that allows authenticated attackers with Contributor-level access or higher to execute code on the server.
You are affected if you are using the Block Logic – Full Gutenberg Block Display Control plugin versions 1.0.0 through 1.0.8.
Update the Block Logic – Full Gutenberg Block Display Control plugin to the fixed release (1.0.9 per the metadata above) or later to remediate the vulnerability.
While no active exploitation has been confirmed, the vulnerability is considered exploitable and public PoCs are likely to emerge, increasing the risk of exploitation.
Refer to the official Block Logic plugin documentation and WordPress security announcements for the latest advisory regarding CVE-2025-2303.