CVE-2025-5844 is a stored Cross-Site Scripting (XSS) vulnerability identified in the Radius Blocks plugin for WordPress, specifically within the 'subHeadingTagName' parameter. This vulnerability exists due to insufficient sanitization and escaping of user-supplied input during web page generation, classified under CWE-79. The flaw allows authenticated users with Contributor-level permissions or higher to inject arbitrary JavaScript code into pages or posts. Because the malicious script is stored persistently, it executes every time the infected page is accessed by any user, including administrators and visitors. The vulnerability affects all versions up to and including 2.2.1 of the plugin. Exploitation requires no user interaction beyond viewing the compromised page but does require authenticated access with at least Contributor privileges, which are commonly granted to trusted users who can submit content. The CVSS v3.1 base score is 6.4, reflecting a medium severity with network attack vector, low attack complexity, privileges required, no user interaction, and a scope change. Although no known exploits have been reported in the wild, the vulnerability poses a significant risk due to the widespread use of WordPress and the Radius Blocks plugin in content management. The vulnerability could lead to session hijacking, privilege escalation, defacement, or distribution of malware through injected scripts. The lack of available patches at the time of disclosure necessitates immediate mitigation steps by administrators.

The impact of CVE-2025-5844 is primarily on the confidentiality and integrity of affected WordPress sites. Successful exploitation allows attackers to execute arbitrary JavaScript in the context of the victim's browser, potentially stealing session cookies, redirecting users to malicious sites, or performing actions on behalf of users with elevated privileges. This can lead to unauthorized access, data leakage, defacement, or distribution of malware. Since the vulnerability requires Contributor-level access, insider threats or compromised contributor accounts pose a significant risk. The scope includes all websites using the Radius Blocks plugin up to version 2.2.1, which may be numerous given WordPress's market share. The vulnerability does not directly affect availability but can indirectly cause service disruption through defacement or administrative lockout. Organizations relying on WordPress for content management, especially those with multiple contributors, are at risk of targeted attacks exploiting this vulnerability to escalate privileges or compromise site integrity.

To mitigate CVE-2025-5844, organizations should immediately audit user roles and permissions, restricting Contributor-level access to trusted users only. Implement strict input validation and output encoding for all user-supplied data, particularly the 'subHeadingTagName' parameter, to prevent script injection. Monitor and sanitize existing content for injected scripts. Since no official patch is currently available, consider temporarily disabling the Radius Blocks plugin or replacing it with alternative Gutenberg blocks that have been verified secure. Employ Web Application Firewalls (WAFs) with custom rules to detect and block suspicious payloads targeting this parameter. Regularly update WordPress core and plugins to incorporate security fixes once patches are released. Additionally, educate content contributors about safe content practices and monitor logs for unusual activity indicative of exploitation attempts.