cleantalk
Vulnerabilities and Security Researches

Ultimate Blocks – WordPress Blocks Plugin, CVE-2025-48234

CVE, Research URL

CVE-2025-48234

Home page URL

Security reports for Ultimate Blocks – WordPress Blocks Plugin

Application

Ultimate Blocks – WordPress Blocks Plugin

Published on
May 19, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ultimate Blocks Ultimate Blocks ultimate-blocks allows DOM-Based XSS.This issue affects Ultimate Blocks: from n/a through <= 3.3.0.
Affected versions
max 3.3.1.
Status
vulnerable
Previous vulnerability researches
Master Blocks &#8211; Ultimate Gutenberg Blocks for Marketers (CVE-2025-10896) , Nov 11, 2025
Ultimate Blocks &#8211; WordPress Blocks Plugin (CVE-2025-1312) , Mar 27, 2025
Ultimate Blocks &#8211; WordPress Blocks Plugin (CVE-2024-6362) , Jul 31, 2024
Ultimate Blocks &#8211; WordPress Blocks Plugin (CVE-2022-4974) , Nov 15, 2024
Ultimate Blocks &#8211; WordPress Blocks Plugin (CVE-2025-31077) , Apr 02, 2025
New vulnerability
FAQ Manager For Divi, Gutenberg Block &amp; Shortcode (CVE-2023-33999) , Jun 14, 2026
TablePress &#8211; Tables in WordPress made easy (CVE-2023-33999) , Jun 14, 2026
Docket Cache &#8211; Object Cache Accelerator (CVE-2026-22492) , Jun 14, 2026
Advanced Classifieds &amp; Directory Pro (CVE-2023-33999) , Jun 14, 2026
Display Eventbrite Events (CVE-2023-33999) , Jun 14, 2026