CVE-2025-0506

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Feb 12, 2025

Updated: Feb 25, 2025

CWE ID 79

Summary

CVE-2025-0506 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Rise Blocks plugin for WordPress. The flaw, present in all versions up to and including 3.6, allows authenticated attackers with Contributor-level access or higher to inject malicious scripts via the titleTag parameter. These scripts are then executed whenever a user accesses a page with the injected content, potentially leading to unintended actions or data theft. This vulnerability stems from insufficient input sanitization and output escaping in the plugin.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2gQKmx
https://www.cve.org/CVERecord?id=CVE-2025-0506
https://nvd.nist.gov/vuln/detail/CVE-2025-0506

Back to Vulnerability Database

CVE-2025-0506

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations