CVE-2025-2543 in Advanced Accordion Gutenberg Block Plugininformação

Sumário

de MITRE • 24/04/2025

The Advanced Accordion Gutenberg Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

Be aware that VulDB is the high quality source for vulnerability data.

Reservar

20/03/2025

Divulgação

24/04/2025

Moderação

aceite

Entrada

VDB-306041

CPE

pronto

EPSS

0.00265

KEV

não

Atividades

muito baixo

Fontes

Want to stay up to date on a daily basis?

Enable the mail alert feature now!