CVE-2025-2893 is a stored cross-site scripting vulnerability identified in the Gutenverse – Ultimate Block Addons and Page Builder for Site Editor plugin for WordPress. This vulnerability exists due to improper neutralization of input during web page generation, specifically within the plugin's countdown block. The root cause is insufficient sanitization and escaping of user-supplied attributes, which allows an authenticated attacker with contributor-level permissions or higher to inject arbitrary JavaScript code into pages. When other users access these pages, the injected scripts execute in their browsers, potentially compromising session tokens, cookies, or enabling further attacks such as privilege escalation or data theft. The vulnerability affects all versions up to and including 2.2.1 of the plugin. The CVSS 3.1 base score is 6.4, reflecting medium severity with network attack vector, low attack complexity, requiring privileges but no user interaction, and impacting confidentiality and integrity with a scope change. No patches or known exploits are currently publicly available, but the vulnerability is published and recognized by CISA. The plugin is widely used in WordPress environments, making this a relevant threat to many websites that utilize Gutenverse for page building and block addons.

The impact of CVE-2025-2893 is significant for organizations using the affected Gutenverse plugin on WordPress sites. Successful exploitation allows authenticated users with contributor-level access to inject persistent malicious scripts, which execute in the browsers of any visitors or administrators viewing the compromised pages. This can lead to theft of sensitive information such as session cookies, enabling account takeover or privilege escalation. It may also facilitate the spread of malware, defacement, or unauthorized actions performed on behalf of legitimate users. Since WordPress powers a large portion of websites globally, including many business, government, and e-commerce sites, the vulnerability poses a risk to data confidentiality and integrity. The requirement for contributor-level access limits exposure to some extent but does not eliminate risk, especially in environments with multiple contributors or where accounts may be compromised. The vulnerability does not impact availability directly but can degrade trust and lead to reputational damage if exploited.

To mitigate CVE-2025-2893, organizations should first verify if they use the Gutenverse – Ultimate Block Addons and Page Builder for Site Editor plugin and identify the version in use. Immediate mitigation steps include: 1) Updating the plugin to a version that addresses the vulnerability once released by the vendor; 2) If no patch is available, restrict contributor-level access strictly to trusted users and review user permissions to minimize potential attackers; 3) Implement Web Application Firewall (WAF) rules to detect and block suspicious script injection attempts targeting the countdown block attributes; 4) Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts; 5) Regularly audit and monitor WordPress user activity and page content for unauthorized changes or injected scripts; 6) Educate contributors on secure content practices and the risks of injecting untrusted input; 7) Consider disabling or replacing the vulnerable plugin with alternative page builder solutions that have secure coding practices. These steps combined reduce the attack surface and help prevent exploitation until an official patch is available.