AIKIDO-2025-10048
@wordpress/block-library is vulnerable to Cross-site Scripting (XSS)
61
Medium Risk
This Affects:
@wordpress/block-libraryTL;DR
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to insufficient output escaping of user-supplied input. An attacker can exploit this vulnerability by crafting malicious inputs that are rendered unescaped in the application's output. This allows the attacker to inject and execute arbitrary scripts in the context of the victim's browser, potentially leading to data theft, session hijacking, or other malicious activities.
Who does this affect?
You are affected if you are using a version that falls within the vulnerable range.
Background info
@wordpress/block-library is vulnerable to Cross-site Scripting (XSS) in versions 7.3.2 - 8.3.0.
How to fix this
Upgrade the @wordpress/block-library library to the patch version.
Links
wordfence.com/threat-intel/vulnerabilities/detail/wordpress-core-603-gutenberg-1431-authenticated-cross-site-scripting-in-various-blocksjvn.jp/en/jp/JVN09409909/index.htmlwordpress.org/download/wordpress.org/news/2022/10/wordpress-6-0-3-security-release/
Are You Affected?
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.
SOC 2Compliant
ISO 27001Compliant