Return to CVE list

CVE-2025-2543

6.4
Medium

CVE-2025-2543

security@wordfence.com
Awaiting Analysis
View on MITREFind on GitHub

Description

The Advanced Accordion Gutenberg Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

Exploits

No known exploits found for this CVE.

Search Exploit-DB

References

security@wordfence.com
https://plugins.trac.wordpress.org/browser/advanced-accordion-block/tags/4.8.2/advanced-accordion-block.php#L363
security@wordfence.com
https://plugins.trac.wordpress.org/browser/advanced-accordion-block/tags/4.8.2/advanced-accordion-block.php#L364
security@wordfence.com
https://plugins.trac.wordpress.org/browser/advanced-accordion-block/tags/4.8.2/advanced-accordion-block.php#L369
security@wordfence.com
https://wordpress.org/plugins/advanced-accordion-block/#developers
security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/79752ac3-cb5f-4d86-be58-c4b892e4edd6?source=cve