Stored Cross-Site Scripting Vulnerability in Progress Bar Blocks for Gutenberg
CVE-2025-12880

5.4MEDIUM

Key Information:

Vendor

WordPress
Status
Progress Bar Blocks For Gutenberg
Vendor
CVE Published:
11 November 2025

What is CVE-2025-12880?

The Progress Bar Blocks for Gutenberg plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping during SVG file uploads. This vulnerability allows authenticated attackers with Author-level access or higher to execute arbitrary web scripts on user pages accessed via these SVG files, presenting a significant risk for site security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Progress Bar Blocks for Gutenberg * <= 1.0.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://wordpress.org/plugins/progressmatify-blocks/

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Peerapat Samatathanyakorn
JSON
.