CVE-2025-5678 – Kadence WP Gutenberg Blocks with AI Stored Cross-Site Scripting

July 9, 2025

CVE ID : CVE-2025-5678

Published : July 9, 2025, 2:15 a.m. | 4 hours, 22 minutes ago

Description : The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘redirectURL’ parameter in all versions up to, and including, 3.5.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-7210 – Apache Ros Library Management System File Upload Vulnerability

Next Article CVE-2025-7207 – mruby Heap-Based Buffer Overflow Vulnerability

15 Proven Benefits of Outsourcing Node.js Development for Large Organizations

10 Reasons to Choose Full-Stack Techies for Your Next React.js Development Project

Anthropic proposes transparency framework for frontier AI development

Sonatype Open Source Malware Index, Gemini API Batch Mode, and more – Daily News Digest

Microsoft sees its carbon emissions soar on a 168% glut in AI energy demand, “we recognize that we must also bring more carbon-free electricity onto the grids.”

You can get a Snapdragon X-powered laptop for under $500 right now — a low I didn’t think we’d see this Prime Day week

Sam Altman admits current computers were designed for an AI-free world — but OpenAI’s new type of computer will make the AI revolution “transcendentally good”

It doesn’t matter how many laptops I review or how great the deals are — this is the one I keep coming back to over and over again

Leading Experts in Meme Coin Development – Beleaf Technologies

Leading Experts in Meme Coin Development – Beleaf Technologies

Redefining Quality Engineering – Tricentis India Partner Event

Enhancing JSON Responses with Laravel Model Appends

Microsoft sees its carbon emissions soar on a 168% glut in AI energy demand, “we recognize that we must also bring more carbon-free electricity onto the grids.”

Microsoft sees its carbon emissions soar on a 168% glut in AI energy demand, “we recognize that we must also bring more carbon-free electricity onto the grids.”

You can get a Snapdragon X-powered laptop for under $500 right now — a low I didn’t think we’d see this Prime Day week

Sam Altman admits current computers were designed for an AI-free world — but OpenAI’s new type of computer will make the AI revolution “transcendentally good”

CVE-2025-5678 – Kadence WP Gutenberg Blocks with AI Stored Cross-Site Scripting

Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign

Blind Eagle Uses Proton66 Hosting for Phishing, RAT Deployment on Colombian Banks

CVE-2025-24348 – CtrlX OS Network Interfaces HTTP Request Manipulation Vulnerability

CVE-2025-4477 – ThreatSonar Anti-Ransomware TeamT5 Privilege Escalation Vulnerability

CVE-2025-40568 – Siemens SCALANCE and RUGGEDCOM Web Interface Session Termination Authentication Bypass

Battlefield 6 devs plagued by “extraordinary stress and long hours” — changes to compete with Call of Duty, Fortnite are wrecking havoc, and I’m worried

CVE-2025-5585 – SiteOrigin Widgets Bundle Stored Cross-Site Scripting Vulnerability

Agency Assassin

CVE-2025-30322 – Substance3D Painter Out-of-Bounds Write Vulnerability

Firebase Studio: Testing’s New IDE

CVE-2025-5678 – Kadence WP Gutenberg Blocks with AI Stored Cross-Site Scripting

Related Posts