CVE-2025-6572
BaseFortify
Publication date: 2025-08-08
Last updated on: 2025-08-08
Assigner: WPScan
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openstreetmap | openstreetmap_for_gutenberg_and_wpbakery_page_builder | 1.2.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the OpenStreetMap for Gutenberg and WPBakery Page Builder WordPress plugin up to version 1.2.0. It occurs because the plugin does not properly validate and escape certain block options before displaying them on a page or post. This flaw allows users with contributor roles or higher to inject malicious scripts that are stored and executed when the page is viewed, known as Stored Cross-Site Scripting (XSS) attacks.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow attackers with contributor or higher privileges to execute malicious scripts in the context of the website. This can lead to unauthorized actions such as stealing user session cookies, defacing the website, redirecting users to malicious sites, or performing actions on behalf of other users, potentially compromising the security and integrity of the website and its users.