Cross-site Scripting Vulnerability in Blockspare Product from Blockspare
CVE-2025-47495

6.5MEDIUM

Key Information:

Vendor

WordPress

Vendor
CVE Published:
7 May 2025

What is CVE-2025-47495?

The Cross-site Scripting (XSS) vulnerability in Blockspare allows attackers to inject malicious scripts into web pages viewed by users. This flaw can lead to unauthorized access to sensitive information and enable the execution of harmful actions within the context of a victim's session. Users on versions from n/a to 3.2.9 are particularly at risk, necessitating immediate attention to secure their applications against potential exploits.

Affected Version(s)

Blockspare <= 3.2.9

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

zaim (Patchstack Alliance)
.
The Cyber Security Vulnerability Database.