First published: Mon Feb 17 2025(Updated: )
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks – Gutenberg based Page Builder allows Stored XSS. This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a through 1.7.
Credit: audit@patchstack.com
Affected Software | Affected Version | How to fix |
---|---|---|
SKT Blocks | <=1.7 | |
SKT Blocks | <=1.7 |
Update the WordPress SKT Blocks – Gutenberg based Page Builder plugin to the latest available version (at least 1.8).
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2025-26771 has a high severity due to its impact on user data and the potential for stored cross-site scripting (XSS).
To fix CVE-2025-26771, update SKT Blocks – Gutenberg based Page Builder to version 1.8 or later.
CVE-2025-26771 affects SKT Blocks – Gutenberg based Page Builder versions from n/a to 1.7.
CVE-2025-26771 is a stored cross-site scripting (XSS) vulnerability.
Yes, CVE-2025-26771 can be exploited remotely, allowing attackers to execute malicious scripts on affected users' browsers.