CVE-2025-5678 – Kadence WP Gutenberg Blocks with AI Stored Cross-Site Scripting

July 9, 2025

CVE ID : CVE-2025-5678

Published : July 9, 2025, 2:15 a.m. | 4 hours, 22 minutes ago

Description : The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘redirectURL’ parameter in all versions up to, and including, 3.5.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-7210 – Apache Ros Library Management System File Upload Vulnerability

Next Article CVE-2025-7207 – mruby Heap-Based Buffer Overflow Vulnerability

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

Blackstone portfolio company R Systems Acquires Novigo Solutions, Strengthening its Product Engineering and Full-Stack Agentic-AI Capabilities

The best AirTag alternative for Samsung users is currently 30% off

One of the biggest new features on the Google Pixel 10 is also one of the most overlooked

I tested these viral ‘crush-proof’ Bluetooth speakers, and they’re not your average portables

I compared the best smartwatches from Google and Apple – and there’s a clear winner

MongoDB Data Types

MongoDB Data Types

Building Cross-Platform Alerts with Laravel’s Notification Framework

Add Notes Functionality to Eloquent Models With the Notable Package

Microsoft Teams updated with a feature you probably thought already existed — “Can you hear me?” is now a thing of the past

Microsoft Teams updated with a feature you probably thought already existed — “Can you hear me?” is now a thing of the past

Xbox Game Pass gets Gears of War: Reloaded, Dragon Age: The Veilguard, and more — here’s what is coming through the rest of August

Resident Evil ‘9’ Requiem has some of the most incredible lighting I’ve seen in a game — and Capcom uses it as a weapon

CVE-2025-5678 – Kadence WP Gutenberg Blocks with AI Stored Cross-Site Scripting

Blue Locker ransomware hits critical infrastructure – is your organisation ready?

GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets

Natasha Lyonne to Direct AI-Powered Sci-Fi Film That Could Redefine Hollywood

My favorite MagSafe wallet stand is the ideal iPhone companion, and it just got cheaper

Microsoft is adding Clock to Windows 11 Calendar flyout after removing it in Windows 10

Vibe coding with GitHub Copilot: Agent mode and MCP support rolling out to all VS Code users

FBI, CISA Warn About Scattered Spider Cyberattacks

3 easy ways to customize Windows Terminal to look incredible in PowerShell and WSL

CVE-2025-54473 – Joomla Phoca Commander Authenticated Remote Code Execution

Top GitHub Repositories Every CTO Should Keep an Eye On

CVE-2025-5678 – Kadence WP Gutenberg Blocks with AI Stored Cross-Site Scripting

Related Posts