
CVE-2025-2303

Severity: High · Class: RCE

Published: 22 March 2025
Modified: 15 April 2026
KEV Added: not listed
Patch: available (release after 1.0.8; see Deeper analysis)
CVSS v3.1: 8.8 (High) · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.0220 (84.8th percentile)
Risk Priority: 19 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-2303 is a high-severity Code Injection (CWE-94) vulnerability in the Block Logic – Full Gutenberg Block Display Control plugin for WordPress (product inferred from the references and description; NVD filed no CPE). Its CVSS v3.1 base score is 8.8 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS percentile places it in the top 15.2% of CVEs by exploit likelihood, but it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

The Block Logic – Full Gutenberg Block Display Control plugin for WordPress is vulnerable to remote code execution in all versions through 1.0.8. The flaw resides in the block_logic_check_logic function, which evaluates user-supplied input as code instead of treating it as data, the pattern classified under CWE-94. The issue carries a CVSS v3.1 score of 8.8.

Authenticated attackers holding Contributor privileges or higher can exploit the vulnerability over the network to execute arbitrary code on the hosting server, with full confidentiality, integrity and availability impact and no user interaction required. Contributor is the lowest default WordPress role that can create posts, so any account able to save a draft is sufficient; the privilege required is low (PR:L in the vector), not administrative.
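The pattern the description refers to (a user-controlled "logic" string handed to an evaluator) beside a parser-based replacement that satisfies the input-validation control (SI-10) listed under Mitigating Controls, as an added illustration. This is not the plugin's code: the function names, the restricted grammar, the attribute shape and the stand-in conditional tags are assumptions for the example, not the plugin's real attribute handling.

```php
<?php
declare(strict_types=1);

// Added example (not the plugin's code; names are hypothetical). Shows the
// CWE-94 pattern described on this page and a parser-based replacement.

// --- Vulnerable pattern ---------------------------------------------------
// $logic comes from a block attribute that any user who can edit posts
// (Contributor and above) controls. eval() runs it as PHP, so instead of a
// display condition the attacker supplies arbitrary code.
function vulnerable_check_logic(string $logic): bool
{
    return (bool) eval('return (' . $logic . ');');   // CWE-94: user input executed as code
}

// --- Hardened pattern -----------------------------------------------------
// Accept only a tiny boolean grammar over an allowlist of zero-argument
// conditional functions and evaluate it with a recursive-descent parser.
// eval() is never called, so there is no path from the attribute to PHP.
//   expr   := term ( '||' term )*
//   term   := factor ( '&&' factor )*
//   factor := '!' factor | '(' expr ')' | IDENT
final class SafeLogicEvaluator
{
    private const TOKEN = '\|\||&&|!|\(|\)|[a-z_][a-z0-9_]*';

    /** @var list<string> */
    private array $tokens = [];
    private int $pos = 0;

    /** @param array<string, callable(): bool> $allowed  IDENT => implementation */
    public function __construct(private array $allowed) {}

    public function evaluate(string $logic): bool
    {
        $src = preg_replace('/\s+/', '', $logic) ?? '';
        // Whole-string allowlist check: any character outside the grammar rejects the input.
        if ($src === '' || !preg_match('/^(?:' . self::TOKEN . ')+$/', $src)) {
            throw new InvalidArgumentException('logic contains characters outside the allowed grammar');
        }
        preg_match_all('/' . self::TOKEN . '/', $src, $m);
        $this->tokens = $m[0];
        $this->pos = 0;
        $result = $this->parseExpr();
        if ($this->pos !== count($this->tokens)) {
            throw new InvalidArgumentException('trailing tokens after expression');
        }
        return $result;
    }

    private function peek(): ?string { return $this->tokens[$this->pos] ?? null; }
    private function next(): ?string { return $this->tokens[$this->pos++] ?? null; }

    private function parseExpr(): bool
    {
        $v = $this->parseTerm();
        while ($this->peek() === '||') {
            $this->pos++;
            $r = $this->parseTerm();   // always parsed, so malformed input is caught even when $v is true
            $v = $v || $r;
        }
        return $v;
    }

    private function parseTerm(): bool
    {
        $v = $this->parseFactor();
        while ($this->peek() === '&&') {
            $this->pos++;
            $r = $this->parseFactor();
            $v = $v && $r;
        }
        return $v;
    }

    private function parseFactor(): bool
    {
        $t = $this->next();
        if ($t === '!') {
            return !$this->parseFactor();
        }
        if ($t === '(') {
            $v = $this->parseExpr();
            if ($this->next() !== ')') {
                throw new InvalidArgumentException('unbalanced parenthesis');
            }
            return $v;
        }
        if ($t !== null && isset($this->allowed[$t])) {
            return (bool) ($this->allowed[$t])();   // only allowlisted callables are ever invoked
        }
        throw new InvalidArgumentException('unknown identifier: ' . var_export($t, true));
    }
}

// Stand-ins for WordPress conditional tags so the example runs without WordPress loaded.
$evaluator = new SafeLogicEvaluator([
    'is_user_logged_in' => fn(): bool => true,
    'is_home'           => fn(): bool => false,
]);

var_dump($evaluator->evaluate('is_user_logged_in && !(is_home || is_home)'));

// What an attacker would send to the eval()-based version. The ';' and the
// quotes fail the allowlist check, so nothing is evaluated at all.
try {
    $evaluator->evaluate("true; system('id')");
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The design point is that the hardened version never needs to guess what "dangerous" input looks like: it defines the only shapes it accepts and the only functions it will call, which is what SI-10 asks for. A denylist on eval() input (stripping `system`, `exec` and so on) would still be CWE-94, because PHP has far more ways to reach code execution than any list covers.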

Public references point to the vulnerable code in the plugin repository and to the subsequent changeset that addresses the issue, so the fix is to update to the release that follows 1.0.8; Wordfence has also published associated threat intelligence.

The EPSS score is low in absolute terms (currently 0.0220, with a recorded peak of 0.0237) even though that value sits in the 84.8th percentile of all scored CVEs.


Vulnerability details

The Block Logic – Full Gutenberg Block Display Control plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.8 via the block_logic_check_logic function. This is due to the unsafe evaluation of user-controlled input. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.

CWE(s)

CWE-94 Improper Control of Generation of Code ('Code Injection')

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

RCE through unsafe evaluation of user input in a public-facing WordPress plugin maps directly to T1190 for the exploitation step; the resulting arbitrary code execution on the server maps to T1059 Command and Scripting Interpreter.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-27577 (shared CWE-94)
CVE-2024-54756 (shared CWE-94)
CVE-2024-21760 (shared CWE-94)
CVE-2024-55028 (shared CWE-94)
CVE-2026-41258 (shared CWE-94)
CVE-2025-67847 (shared CWE-94)
CVE-2025-58764 (shared CWE-94)
CVE-2026-6543 (shared CWE-94)
CVE-2025-67979 (shared CWE-94)
CVE-2025-26936 (shared CWE-94)

Affected Assets

WordPress: Block Logic – Full Gutenberg Block Display Control plugin, all versions through 1.0.8
Inferred from references and description; NVD did not file a CPE for this CVE.

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)

Directly mitigates the RCE vulnerability by identifying, reporting and patching the unsafe evaluation flaw in the block_logic_check_logic function, i.e. updating the plugin to the release that follows 1.0.8.

SI-10 Information Input Validation (prevent)

Requires validation of user-controlled input before it reaches the block_logic_check_logic function, so that only an allowlisted display condition, and never executable code, is accepted for evaluation.

AC-6 Least Privilege (prevent)

Enforces least privilege for authenticated users such as Contributors, limiting access to plugin functions that process user input and reducing post-exploitation impact. Note that this control only narrows the set of accounts that can reach the flaw; Contributor is already the lowest default role that can author posts, so it does not remove the need for the patch.
