CVE-2025-5678 – Kadence WP Gutenberg Blocks with AI Stored Cross-Site Scripting

July 9, 2025

CVE ID : CVE-2025-5678

Published : July 9, 2025, 2:15 a.m. | 4 hours, 22 minutes ago

Description : The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘redirectURL’ parameter in all versions up to, and including, 3.5.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-7210 – Apache Ros Library Management System File Upload Vulnerability

Next Article CVE-2025-7207 – mruby Heap-Based Buffer Overflow Vulnerability

Anthropic proposes transparency framework for frontier AI development

Sonatype Open Source Malware Index, Gemini API Batch Mode, and more – Daily News Digest

15 Top Node.js Development Service Providers for Large Enterprises in 2026

Droip: The Modern Website Builder WordPress Needed

The gaming headset I use every day is slashed to its lowest price ever thanks to Amazon Prime Day — “stellar battery life” awaits

How passkeys work: The complete guide to your inevitable passwordless future

This Sony OLED TV is my pick for best Prime Day deal – and it’s the last chance to get 50% off

Blizzard announces release date for World of Warcraft: The War Within’s 3rd major content patch — a patch that will feature the largest, city-sized raid boss in MMORPG history

Top PHP Projects for B.Tech Students: Learn Real Skills with PHPGurukul Projects

Top PHP Projects for B.Tech Students: Learn Real Skills with PHPGurukul Projects

Deno 2.4: deno bundle is back

From Silos to Synergy: Accelerating Your AI Journey

The gaming headset I use every day is slashed to its lowest price ever thanks to Amazon Prime Day — “stellar battery life” awaits

The gaming headset I use every day is slashed to its lowest price ever thanks to Amazon Prime Day — “stellar battery life” awaits

Blizzard announces release date for World of Warcraft: The War Within’s 3rd major content patch — a patch that will feature the largest, city-sized raid boss in MMORPG history

Microsoft recently raised the price of the Xbox Series S, but these retailers just dropped it back down again — close to the old price, but not for long

CVE-2025-5678 – Kadence WP Gutenberg Blocks with AI Stored Cross-Site Scripting

CVE-2025-53513 – Juju Charm Zip Slip Unauthorized Upload Vulnerability

CVE-2025-0928 – Juju Unauthorized Agent Binary Upload Vulnerability

CVE-2024-57235 – NETGEAR RAX5 Command Injection Vulnerability

Trade-offs in Data Memorization via Strong Data Processing Inequalities

CVE-2025-47888 – Jenkins DingTalk Plugin SSL/TLS Certificate Validation Bypass Vulnerability

CVE-2025-4721 – iSourcecode Placement Management System SQL Injection

CVE-2025-7219 – Campcodes Payroll Management System SQL Injection

Microsoft’s Copilot Vision is now free for all Edge users – here’s how it works

6 small steps I took to break my phone addiction – and you can too

Microsoft Edge 136 begins shift to AI first browsing on Windows 11

CVE-2025-5678 – Kadence WP Gutenberg Blocks with AI Stored Cross-Site Scripting

Related Posts