CVE-2025-1664
📋 TL;DR
This stored XSS vulnerability in the Essential Blocks WordPress plugin allows authenticated attackers with Contributor access or higher to inject malicious scripts into web pages via the Parallax slider. The scripts execute automatically when users visit compromised pages, potentially stealing credentials or performing unauthorized actions. All WordPress sites using Essential Blocks version 5.3.1 or earlier are affected.
💻 Affected Systems
- Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates for WordPress
📦 What is this software?
Essential Blocks by Wpdeveloper
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, install backdoors, redirect users to malicious sites, or deface websites, potentially leading to complete site compromise and data theft.
Likely Case
Attackers with contributor accounts inject malicious scripts to steal user session cookies, redirect visitors to phishing pages, or display unwanted advertisements.
If Mitigated
With proper access controls and regular monitoring, impact is limited to potential defacement or minor data leakage from affected pages.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once an attacker has Contributor privileges.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.3.2
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3250957/essential-blocks/tags/5.3.2/assets/blocks/parallax-slider/frontend.js
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the Essential Blocks plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 5.3.2+ from the WordPress repository and update manually.
🔧 Temporary Workarounds
Disable Parallax Slider Block
Temporarily disable the vulnerable Parallax slider block until patching is possible.
Restrict Contributor Permissions
Temporarily remove Contributor role users or restrict their ability to edit pages with Parallax sliders.
🧯 If You Can't Patch
- Immediately remove all Contributor role users and audit existing content for malicious scripts.
- Implement a Web Application Firewall (WAF) with XSS protection rules to block exploitation attempts.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins → Essential Blocks version. If version is 5.3.1 or lower, you are vulnerable.
Check Version:
wp plugin list --name='essential-blocks' --field=version
Verify Fix Applied:
After updating, verify Essential Blocks version shows 5.3.2 or higher in WordPress admin panel.
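The version check above is easy to get wrong when automated, because comparing version strings lexically puts "5.10.0" below "5.3.2". The following script is an added example (not part of this advisory or the plugin's own code) that reads the Version header from a plugin's main PHP file, or takes the value printed by `wp plugin list`, and compares it numerically against the patched release 5.3.2. The plugin header excerpt is constructed for the demo; the function and variable names are the example's own.

```python
import re
import sys

# Constructed excerpt of a WordPress plugin file header (the block WordPress
# itself reads to learn the plugin version). The version value is made up.
SAMPLE_PLUGIN_HEADER = """<?php
/**
 * Plugin Name: Essential Blocks
 * Version: 5.3.1
 */
"""

FIXED_VERSION = "5.3.2"  # first fixed release per the advisory


def parse_version(text):
    """Convert '5.3.1' or '5.3.2-beta1' into a comparable tuple.

    Numeric components are compared as integers, missing components count
    as 0, and a pre-release suffix sorts below the final release of the
    same number (so '5.3.2-beta1' is still treated as unpatched).
    """
    text = text.strip()
    core, sep, _suffix = text.partition("-")
    parts = [int(p) for p in re.findall(r"\d+", core)]
    while len(parts) < 3:
        parts.append(0)
    release_flag = 0 if sep else 1
    return tuple(parts) + (release_flag,)


def header_version(php_source):
    """Extract the 'Version:' value from a plugin file header, or None."""
    m = re.search(r"^\s*\*?\s*Version:\s*(\S+)", php_source, re.MULTILINE)
    return m.group(1) if m else None


def is_vulnerable(installed_version):
    """True when the installed version is below the fixed release."""
    return parse_version(installed_version) < parse_version(FIXED_VERSION)


def check_plugin_file(php_source):
    """Return (version, vulnerable) for a plugin main file's contents."""
    version = header_version(php_source)
    if version is None:
        raise ValueError("no Version header found")
    return version, is_vulnerable(version)


if __name__ == "__main__":
    # Usage: pipe the output of
    #   wp plugin list --name='essential-blocks' --field=version
    # into this script, or run with no stdin to check the sample header.
    if not sys.stdin.isatty():
        ver = sys.stdin.read()
        vuln = is_vulnerable(ver)
    else:
        ver, vuln = check_plugin_file(SAMPLE_PLUGIN_HEADER)
    print(f"installed {ver.strip()}: {'VULNERABLE' if vuln else 'patched'}")
```

Feeding the WP-CLI output through stdin keeps the comparison out of the shell, where `[ "$a" \< "$b" ]` would do a string comparison and misclassify a future 5.10.x release.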
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to wp-admin/post.php with suspicious script content
- Multiple page edits from Contributor accounts in short timeframes
Network Indicators:
- Outbound connections to unknown domains from your WordPress site
- Unexpected script tags in page responses containing 'parallax-slider'
SIEM Query:
source="wordpress.log" AND ("parallax-slider" OR "essential-blocks") AND ("script" OR "onerror" OR "javascript:")
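To show what the indicators and the SIEM query above actually match, here is an added example (not part of the advisory) that implements the query's boolean logic as a Python function and runs it, together with a sliding-window check for bursts of Contributor edits, over a handful of constructed log lines. The log format, user names and field names are invented for the demo; a real deployment would parse its own access or audit log format instead.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log lines in a made-up key=value format. They are not real
# WordPress output; they exist only to exercise the matching logic.
SAMPLE_LOG = [
    "2025-02-25T10:01:02Z source=wordpress.log user=editor1 role=editor POST /wp-admin/post.php?post=42 block=essential-blocks/parallax-slider",
    "2025-02-25T10:01:05Z source=wordpress.log user=contrib7 role=contributor POST /wp-admin/post.php?post=43 block=essential-blocks/parallax-slider attr=onerror",
    "2025-02-25T10:01:40Z source=wordpress.log user=contrib7 role=contributor POST /wp-admin/post.php?post=44 block=essential-blocks/parallax-slider attr=javascript:",
    "2025-02-25T10:02:10Z source=wordpress.log user=contrib7 role=contributor POST /wp-admin/post.php?post=45 block=core/paragraph",
    "2025-02-25T10:03:00Z source=wordpress.log user=editor1 role=editor GET /?page=subscription block=essential-blocks/button",
    "2025-02-25T10:04:00Z source=nginx.log user=- POST /wp-admin/post.php?post=46 block=essential-blocks/parallax-slider attr=onerror",
]

CONTEXT_TERMS = ("parallax-slider", "essential-blocks")
SCRIPT_TERMS = ("script", "onerror", "javascript:")


def matches_siem_query(line):
    """Mirror the advisory's query:
    source="wordpress.log" AND (context term) AND (script term),
    using case-insensitive substring matching as most SIEMs would."""
    lower = line.lower()
    if "source=wordpress.log" not in lower:
        return False
    has_context = any(term in lower for term in CONTEXT_TERMS)
    has_script = any(term in lower for term in SCRIPT_TERMS)
    return has_context and has_script


def query_hits(lines):
    """Indices of lines the SIEM query would return."""
    return [i for i, line in enumerate(lines) if matches_siem_query(line)]


LINE_RE = re.compile(
    r"^(?P<ts>\S+) source=(?P<source>\S+) user=(?P<user>\S+) "
    r"role=(?P<role>\S+) (?P<method>\S+) (?P<path>\S+)"
)


def parse_line(line):
    """Parse one sample line; lines that do not fit the format are skipped."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return rec


def contributor_edit_bursts(lines, window=timedelta(minutes=5), threshold=3):
    """Map user -> max number of post.php POSTs by a contributor that fall
    inside any `window`-long interval, for users reaching `threshold`."""
    edits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if (rec and rec["role"] == "contributor" and rec["method"] == "POST"
                and rec["path"].startswith("/wp-admin/post.php")):
            edits[rec["user"]].append(rec["ts"])
    flagged = {}
    for user, times in edits.items():
        times.sort()
        start, best = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[user] = best
    return flagged


if __name__ == "__main__":
    print("query hits:", query_hits(SAMPLE_LOG))
    print("edit bursts:", contributor_edit_bursts(SAMPLE_LOG))
```

Note that the query term "script" is a bare substring: the sample line with `page=subscription` and an unrelated Essential Blocks block is returned too, so hits need a human look before any response, and tightening the term to `<script` or ` script` (with the markup your log actually preserves) cuts that noise. The line from `nginx.log` is dropped by the source filter even though its content looks relevant, which is why the network indicators above are worth collecting separately.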