Stored XSS Vulnerability in ThemeHunk Vayu Blocks for WordPress & WooCommerce
CVE-2025-22644

6.5MEDIUM

Key Information:

Vendor

WordPress
Status
Vayu Blocks – Gutenberg Blocks For WordPress & WooCommerce
Vendor
CVE Published:
27 March 2025

What is CVE-2025-22644?

The ThemeHunk Vayu Blocks plugin for WordPress and WooCommerce is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. This flaw arises from improper neutralization of input during the web page generation process, potentially allowing malicious actors to inject harmful scripts into web pages viewed by users. The vulnerability affects versions of the Vayu Blocks plugin up to 1.2.1, posing risks to users who utilize this plugin for building their websites.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce <= 1.2.1

References

https://patchstack.com/database/wordpress/plugin/vayu-blo...
vdb-entry

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Gab (Patchstack Alliance)
JSON
.