CVE-2025-3276

4/12/2025 7:15:26 AM

27 روز قبل

Reporter :security@wordfence.com

Modified :4/12/2025 7:15:26 AM

Problem Data :CWE-79

Description

The SKT Blocks – Gutenberg based Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Carousel block in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Cvss Version 3.1

6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Attack Vector	Network
Attack Complexity	Low
Privileges Required	Low
User Interaction	None
Scope	Changed
Confidentiality Impact	Low
Integrity Impact	Low
Availability Impact	None

EPSS

Epss Score	0
Epss Percentile	0

Note: Consider this fact that the EPSS model relies on historical data and real-world exploit information to calculate the probability of exploitation. When a CVE is newly published, there isn't enough data available to determine its likelihood of being exploited. As a result, the EPSS score defaults to 0 until more information becomes available.

Reference

لینک	منبع	تگ ها
https://www.wordfence.com/threat-intel/vulnerabilities/id/d9345eaa-c8c0-4830-a9af-48305a2f80fd?source=cve
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3267889%40skt-blocks&new=3267889%40skt-blocks&sfp_email=&sfph_mail=