cleantalk
Vulnerabilities and Security Researches

Ultimate Blocks – WordPress Blocks Plugin, CVE-2025-48234

CVE, Research URL

CVE-2025-48234

Home page URL

Security reports for Ultimate Blocks – WordPress Blocks Plugin

Application

Ultimate Blocks – WordPress Blocks Plugin

Published on
May 19, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ultimate Blocks Ultimate Blocks ultimate-blocks allows DOM-Based XSS.This issue affects Ultimate Blocks: from n/a through <= 3.3.0.
Affected versions
max 3.3.1.
Status
vulnerable
Previous vulnerability researches
Products Suggestions for WooCommerce (978edf968cc1bb14ad6e4fc2a47804615027039d) , Jun 06, 2024
Products Suggestions for WooCommerce (CVE-2022-45813) , Jun 13, 2026
New vulnerability
Add Expires Headers &amp; Optimized Minify (CVE-2023-33999) , Jun 14, 2026
WooCommerce Shipping gateway per Product (CVE-2023-33999) , Jun 14, 2026
Fast Index (CVE-2023-33999) , Jun 14, 2026
Zip Code Redirect (CVE-2023-33999) , Jun 14, 2026
Salesmate Add-On for Gravity Forms (CVE-2025-31551) , Jun 14, 2026