Impact
The BlockArt Magazine Blocks plugin is missing an authorization check, which lets users exploit incorrectly configured access control levels. An attacker can perform actions restricted to administrators, such as altering plugin settings or manipulating content blocks. The vulnerability is classified as CWE-862 (Missing Authorization), a form of broken access control. It is not known to provide arbitrary code execution, but it does compromise site integrity and operational control.
Affected Systems
The issue applies to all installations of BlockArt Magazine Blocks plugin version 1.8.3 and earlier. WordPress sites that have not yet upgraded to a patched release are vulnerable. No other vendors or products are listed in the CNA data.
Risk and Exploitability
The CVSS score is 4.3 and the EPSS score is < 1%. The vulnerability is not listed in CISA’s KEV catalog. Although no exploitation examples are publicly documented, the flaw could allow privilege escalation within a WordPress site if an attacker has access to a user account that can reach the plugin’s administrative interfaces. Based on the description, the likely attack vector is an authenticated user interacting with the plugin’s management pages, where the missing authorization check permits actions that should be restricted to administrators. The potential impact includes unauthorized modification of plugin settings or content blocks, compromising site integrity and operational control.