4 matches found
CVE-2025-48270
CVE-2025-48270 targets the WordPress SKT Blocks plugin with a DOM‑based XSS caused by improper input neutralization during web page generation. Affected software is SKT Blocks versions n/a through 2.2. Multiple connected sources confirm the vulnerability class and vendor/product, including CVE re...
PT-2025-16527 · Unknown · Skt Blocks
Name of the Vulnerable Software and Affected Versions: SKT Blocks – Gutenberg based Page Builder versions 1.8 and earlier Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting. This allows for Stored XSS attacks...
CVE-2025-3276
CVE-2025-3276 (SKT Blocks – Gutenberg based Page Builder, WordPress): Stored Cross-Site Scripting in the Post Carousel block affects all versions up to 1.9. The root cause is insufficient input sanitization and output escaping, allowing an authenticated attacker (Contributor level or higher) to i...
PT-2024-32954 · Unknown · Skt Blocks
Name of the Vulnerable Software and Affected Versions: SKT Blocks – Gutenberg based Page Builder versions 1.6 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS, which can...