A vulnerability was recently found in Blesta that could allow staff permission escalation. Active and valid staff members may be able to gain additional permissions through crafted URLs. Because this issue requires that the user have an active and valid staff member account, it is classified as a Moderate vulnerability. Patches 3.0.9 and 3.1.1 correct this vulnerability.
Versions 3.0.0 through 3.0.8, and 3.1.0 are affected.
If you are using a Blesta version earlier than 3.0.9 or 3.1.1, it is recommended that you apply the patch.