CVE-2025-5844: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in techlabpro1 Radius Blocks – WordPress Gutenberg Blocks
The Radius Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subHeadingTagName’ parameter in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
AI Analysis
Technical Summary
CVE-2025-5844 is a stored Cross-Site Scripting (XSS) vulnerability in the Radius Blocks plugin for WordPress, affecting all versions up to and including 2.2.1. The plugin, developed by techlabpro1, provides Gutenberg blocks for WordPress sites. The vulnerability is classified under CWE-79 (improper neutralization of input during web page generation) and lies in the handling of the 'subHeadingTagName' parameter, which is neither sufficiently sanitized on input nor escaped on output. As a result, authenticated users with Contributor-level privileges or higher can inject arbitrary JavaScript into pages. The injected script is stored and executes whenever any user views the affected page, potentially leading to session hijacking, privilege escalation, or unauthorized actions performed on behalf of the victim. The vulnerability has a CVSS v3.1 base score of 6.4 (medium severity): the attack vector is network-based (remote), attack complexity is low, privileges (Contributor or above) are required, and no user interaction is needed for exploitation. The scope is changed, meaning the vulnerability can affect resources beyond the initially compromised component. No exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability is particularly concerning for WordPress sites using this plugin because Contributor-level access is commonly granted to trusted users such as content creators, which makes insider or compromised contributor accounts a realistic threat vector.
Potential Impact
For European organizations relying on WordPress websites with the Radius Blocks plugin, this vulnerability poses a significant risk to the confidentiality and integrity of their web content and user sessions. Attackers exploiting this flaw can execute arbitrary scripts in the context of the affected site, potentially stealing cookies, session tokens, or performing actions on behalf of legitimate users. This can lead to unauthorized access, defacement, or further compromise of the website and its users. Given the widespread use of WordPress across Europe, including by SMEs, public institutions, and e-commerce platforms, the impact could range from reputational damage to regulatory non-compliance under GDPR if personal data is exposed or manipulated. The requirement for Contributor-level access limits the attack surface but does not eliminate risk, as compromised or malicious insiders could exploit this vulnerability. Additionally, the stored nature of the XSS means the malicious payload persists and affects all visitors to the infected pages, amplifying potential damage. Although no known exploits are currently active, the medium severity rating and the common use of the affected plugin suggest that European organizations should proactively address this issue to prevent exploitation.
Mitigation Recommendations
To mitigate CVE-2025-5844 effectively, European organizations should:
1) Immediately audit WordPress installations to identify the presence of the Radius Blocks plugin and verify the version in use.
2) Restrict Contributor-level access strictly to trusted users and review user permissions regularly to minimize the risk of insider threats.
3) Implement Web Application Firewalls (WAFs) with rules designed to detect and block malicious scripts or suspicious input patterns targeting the 'subHeadingTagName' parameter.
4) Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts on the website.
5) Monitor website content for unexpected script injections or anomalies, using automated scanning tools specialized in detecting stored XSS.
6) Engage with the plugin vendor or community to obtain or contribute to patches; if no official patch is available, consider temporarily disabling the plugin or replacing it with alternative Gutenberg blocks plugins that do not exhibit this vulnerability.
7) Educate content contributors about security best practices to reduce the risk of accidental injection of malicious content.
8) Maintain up-to-date backups of website data to enable rapid restoration if compromise occurs.
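As an added illustration of the sanitization and output-escaping gap described in the technical summary, and of the content monitoring in step 5, the following example code is not from the Radius Blocks plugin: it validates a tag-name attribute against an allowlist, contrasts the unsanitized rendering shape with a hardened one, and scans stored block attributes for values outside the allowlist. The block name radius-blocks/heading, the attribute shape and the sample post content are constructed assumptions.

```javascript
// Added example, not code from the Radius Blocks plugin. A tag-name attribute such as
// 'subHeadingTagName' is used to build markup, so text escaping alone cannot make it safe:
// it must be validated against a fixed allowlist of element names.
const ALLOWED_HEADING_TAGS = new Set(['h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'p', 'span', 'div']);

// Hardened: accept the value only if it is exactly one allowed element name; otherwise fall back.
function sanitizeHeadingTag(tag, fallback = 'h3') {
  if (typeof tag !== 'string') return fallback;
  const name = tag.trim().toLowerCase();
  return ALLOWED_HEADING_TAGS.has(name) ? name : fallback;
}

// Escape the heading text for an HTML text node (a separate concern from the tag name).
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable shape as the advisory describes it: the attribute is neither sanitized nor escaped,
// so whatever the block author stored becomes part of the generated page.
function renderSubHeadingVulnerable(attrs) {
  return `<${attrs.subHeadingTagName}>${attrs.text}</${attrs.subHeadingTagName}>`;
}

// Hardened render: allowlisted tag name plus escaped text content.
function renderSubHeadingHardened(attrs) {
  const tag = sanitizeHeadingTag(attrs.subHeadingTagName);
  return `<${tag}>${escapeHtml(attrs.text ?? '')}</${tag}>`;
}

// Detection for mitigation step 5: scan stored post_content for block comments whose
// subHeadingTagName is not an allowed element name. The JSON inside a Gutenberg block
// comment (<!-- wp:namespace/block {...} /-->) is the stored form of the block attributes.
const BLOCK_COMMENT_RE = /<!--\s*wp:[\w\/-]+\s+(\{[\s\S]*?\})\s*\/?-->/g;
function findSuspiciousHeadingTags(postContent) {
  const hits = [];
  for (const m of postContent.matchAll(BLOCK_COMMENT_RE)) {
    let attrs;
    try { attrs = JSON.parse(m[1]); } catch { continue; }
    if ('subHeadingTagName' in attrs && sanitizeHeadingTag(attrs.subHeadingTagName, null) === null) {
      hits.push(attrs.subHeadingTagName);
    }
  }
  return hits;
}

// Constructed sample post_content; the block name radius-blocks/heading is a placeholder,
// not the plugin's real block name. The second block carries a non-allowlisted value.
const SAMPLE_POST_CONTENT = `<!-- wp:radius-blocks/heading {"subHeadingTagName":"h2","text":"Intro"} /-->
<!-- wp:radius-blocks/heading {"subHeadingTagName":"h2 class=\\"x\\"","text":"Injected"} /-->`;
```

Running findSuspiciousHeadingTags over exported post content gives a quick first-pass audit; a hit is not proof of exploitation, only a value that no legitimate editor UI would have produced.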
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-06-06T22:43:06.913Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 689ef436ad5a09ad0069732b
Added to database: 8/15/2025, 8:47:50 AM
Last enriched: 8/15/2025, 9:06:24 AM
Last updated: 8/22/2025, 12:34:57 AM