Gutenberg Blocks – PublishPress Blocks Controls, Visibility, Reusable Blocks

6.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Description

The Gutenberg Blocks – PublishPress Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Marker Title' and 'Marker Description' parameters for the Maps block in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Basic Information

ID CVE-2025-8588

Source Wordfence

Published Oct 25, 2025 at 05:31

Affected Product

Vendor publishpress

Product Gutenberg Blocks – PublishPress Blocks Controls, Visibility, Reusable Blocks

Version *

Affected Versions publishpress Gutenberg Blocks – PublishPress Blocks Controls, Visibility, Reusable Blocks *

CWE Classification

CWE-79

References

{
    "lastseen": "",
    "description": "The Gutenberg Blocks \u2013 PublishPress Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Marker Title' and 'Marker Description' parameters for the Maps block in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
    "published": "2025-10-25T05:31:20.754Z",
    "modified": "2025-10-25T05:31:20.754Z",
    "type": "cve",
    "title": "Gutenberg Blocks \u2013 PublishPress Blocks Controls, Visibility, Reusable Blocks <= 3.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/428d44c2-ef30-4d34-8f62-030af9931441?source=cve\nhttps://plugins.trac.wordpress.org/browser/advanced-gutenberg/trunk/assets/blocks/map/frontend.js#L14\nhttps://github.com/publishpress/PublishPress-Blocks/issues/1566",
    "id": "CVE-2025-8588",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "publishpress Gutenberg Blocks \u2013 PublishPress Blocks Controls, Visibility, Reusable Blocks *",
    "sourceHref": "",
    "cvss": {
        "score": 6.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Gutenberg Blocks \u2013 PublishPress Blocks Controls, Visibility, Reusable Blocks",
    "version": "*",
    "vendor": "publishpress",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Gutenberg Blocks – PublishPress Blocks Controls, Visibility, Reusable Blocks <= 3.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting_CVE-2025-8588