CVE-2025-3276 – This stored XSS vulnerability in the SKT Blocks... (How to Fix)

Q: What is the severity of CVE-2025-3276?

CVE-2025-3276 has a CVSS score of 6.4 (MEDIUM). This stored XSS vulnerability in the SKT Blocks WordPress plugin allows authenticated attackers with Contributor access or higher to inject malicious scripts into web pages. The scripts execute automatically when users visit compromised pages, potentially stealing credentials or performing unauthorized actions. All WordPress sites using SKT Blocks plugin versions up to 1.9 are affected.

📋 TL;DR

This stored XSS vulnerability in the SKT Blocks WordPress plugin allows authenticated attackers with Contributor access or higher to inject malicious scripts into web pages. The scripts execute automatically when users visit compromised pages, potentially stealing credentials or performing unauthorized actions. All WordPress sites using SKT Blocks plugin versions up to 1.9 are affected.

💻 Affected Systems

Products:

SKT Blocks – Gutenberg based Page Builder WordPress plugin

Versions: All versions up to and including 1.9

Operating Systems: Any OS running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Requires WordPress installation with SKT Blocks plugin enabled and at least one user with Contributor role or higher.

📦 What is this software?

Skt Blocks by Sktthemes

View all CVEs affecting Skt Blocks →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal administrator credentials, deface websites, redirect users to malicious sites, or install backdoors for persistent access.

🟠

Likely Case

Attackers with contributor accounts inject malicious scripts to steal user session cookies or credentials, potentially escalating privileges.

🟢

If Mitigated

With proper user access controls and content security policies, impact is limited to data leakage from users visiting compromised pages.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access but is straightforward once attacker has Contributor-level credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 1.9

Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3267889%40skt-blocks&new=3267889%40skt-blocks&sfp_email=&sfph_mail=

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find SKT Blocks plugin and click 'Update Now'. 4. Verify plugin version is greater than 1.9.

🔧 Temporary Workarounds

Disable Post Carousel Block

all

Temporarily disable the vulnerable Post Carousel block component

Restrict Contributor Permissions

all

Remove contributor ability to edit posts or temporarily downgrade contributor roles

🧯 If You Can't Patch

Implement Content Security Policy (CSP) headers to restrict script execution
Install web application firewall with XSS protection rules

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins → SKT Blocks version number

Check Version:

wp plugin list --name='skt-blocks' --field=version

Verify Fix Applied:

Verify SKT Blocks plugin version is greater than 1.9 in WordPress admin panel

📡 Detection & Monitoring

Log Indicators:

Unusual post/page edits by contributor users
Suspicious script tags in post content

Network Indicators:

Unexpected script loads from post carousel elements

SIEM Query:

source="wordpress" AND (event="post_modified" OR event="page_modified") AND user_role="contributor" AND content CONTAINS "<script>"

📊 Metadata

CVE ID: CVE-2025-3276

CVSS v3 Score: 6.4 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CWE: CWE-79

EPSS Score: 0.12% exploit probability (31.6th percentile)

Published: April 12, 2025

Last Updated: June 4, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-3276, you might also want to check these: