CVE-2025-2543 – WordPress Advanced Accordion Gutenberg Block Stored Cross-Site Scripting

April 24, 2025

CVE ID : CVE-2025-2543

Published : April 24, 2025, 9:15 a.m. | 1 hour, 28 minutes ago

Description : The Advanced Accordion Gutenberg Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3101 – WordPress Configurator Theme Core Privilege Escalation Vulnerability

Next Article CVE-2025-3058 – Xelion Webchat WordPress Privilege Escalation Vulnerability

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Development tool updates from WWDC: Foundation Models framework, Xcode 26, Swift 6.2, and more

Decoding The SVG path Element: Line Commands

Your favorite AI chatbot is lying to you all the time

Your CarPlay is getting a major overhaul on iOS 26: 3 new features arriving to your dashboard

Every iPad model that supports iPadOS 26 (and which ones won’t be compatible)

Why I recommend this Lenovo Android tablet to most people – especially at this price

Community News: Latest PECL Releases (06.10.2025)

Community News: Latest PECL Releases (06.10.2025)

SOLID Design Principles Every JavaScript Deveveloper Should Know

Perficient Boldly Advances Business Through Technology Partnerships and Collaborative Innovation

Final Fantasy XVI launches on Xbox, and FF VII Remake Intergrade is coming this winter

Final Fantasy XVI launches on Xbox, and FF VII Remake Intergrade is coming this winter

PowerToys Run adds Internet speed test, video downloader & more

Not Rumor Anymore: Persona 4 Revival Announced At Xbox Games Showcase 2025

CVE-2025-2543 – WordPress Advanced Accordion Gutenberg Block Stored Cross-Site Scripting

SAP waarschuwt voor nieuwe kritieke NetWeaver-kwetsbaarheid

Ivanti Workspace Control hardcoded key flaws expose SQL credentials

How to Turn Ubuntu 24.04 into a KVM Hypervisor – Quick Setup with Web Management

Microsoft’s premium Xbox Elite Series 2 Wireless Controller is on sale with a rare 20% discount

CVE-2025-5745 – IBM Power10 GNU C Library Unpredictable String Comparison Vulnerability

PonyProg is a serial device programmer

CVE-2025-4506 – A vulnerability was found in Campcodes Online Food

CVE-2025-47646 – Gilblas Ngunte Possi PSW Front-end Login & Registration Weak Password Recovery Mechanism

Copilot on Windows 11 is gaining the ability to see and interact with your apps — but only when you ask it to

New PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto

CVE-2025-2543 – WordPress Advanced Accordion Gutenberg Block Stored Cross-Site Scripting

Related Posts