CVE-2025-58196: WordPress UiCore Elements Plugin – Cross Site Scripting (XSS) Vulnerability
I have recently reported an Authenticated (Contributor+) Stored Cross-Site Scripting (XSS) vulnerability in the WordPress UiCore Elements plugin in versions up to and including 1.3.3. The vulnerability exists in the Accordion widget due to improper handling of HTML tag attributes, allowing malicious scripts to be injected and executed in a user’s browser session. This has…
CVE-2025-55715: High Risk Sensitive Information Exposure Affecting 300,000+ Websites
I recently discovered an unauthenticated sensitive information exposure vulnerability in the WordPress Otter Blocks plugin. It has been assigned CVE-2025-55715 and published in the Patchstack database. Over 300,000 websites were affected by this vulnerability. The plugin exposes sensitive content due to a lack of access restrictions on a dynamic content REST endpoint. This should be…
CVE-2025-54708: XSS Vulnerability in WordPress B-Blocks Plugin
Detailed analysis of the CVE-2025-54708 stored XSS vulnerability in the WordPress B-Blocks plugin. Learn exploitation techniques, impact assessment, and security fixes.