Cross-site Scripting Vulnerability in bPlugins Info Cards for WordPress
CVE-2025-26945

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Info Cards – Gutenberg Block For Creating Beautiful Cards
Vendor: CVE Published:; 25 February 2025

What is CVE-2025-26945?

The bPlugins Info Cards for WordPress contains a vulnerability that allows for stored Cross-site Scripting (XSS). This occurs due to improper neutralization of input during the web page generation process. Attackers can exploit this flaw to inject malicious scripts into the site, which can then be executed by unsuspecting users. This vulnerability impacts versions from n/a up to 1.0.5, and it is crucial for site administrators to address this issue promptly to protect against potential attacks.

Affected Version(s)

Info Cards – Gutenberg block for creating Beautiful Cards <= 1.0.5

References

https://patchstack.com/database/wordpress/plugin/info-car...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 25, 2025
Vulnerability Reserved
Feb 17, 2025

Credit

Logan Cote (Patchstack Alliance)