VulnerAlert



WORDPRESS
17-07-2025 14:11

CVE-2025-5678 Documented vulnerability

No score
Description
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘redirectURL’ parameter in all versions up to, and including, 3.5.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.5.8/includes/assets/js/kb-countdown.min.js
https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.5.8/includes/blocks/class-kadence-blocks-countdown-block.php#L605
https://www.wordfence.com/threat-intel/vulnerabilities/id/fc712f6b-f11b-4731-8f89-0044830400d6?source=cve

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-5678
This project was co-financed by the Consejo Nacional de Ciencia y Tecnología (CONACYT) through PROINNOVA 2021/2023