CVE-2025-8624: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in wpdive Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
CVE-2025-8624 is a stored Cross-Site Scripting (XSS) vulnerability in the Nexa Blocks WordPress plugin, specifically affecting the Google Maps widget. Authenticated users with contributor-level access or higher can inject malicious scripts due to insufficient input sanitization and output escaping. These scripts execute whenever any user views the compromised page, potentially leading to session hijacking, defacement, or further attacks. The vulnerability affects all versions up to 1.1.0 and has a CVSS score of 6.4 (medium severity). No known exploits are currently reported in the wild. European organizations using this plugin in their WordPress sites should prioritize patching or mitigating this issue to prevent abuse. The threat is particularly relevant to countries with high WordPress adoption and active web content management, such as Germany, the UK, and France.
AI Analysis
Technical Summary
CVE-2025-8624 is a stored Cross-Site Scripting (XSS) vulnerability classified under CWE-79, found in the Nexa Blocks plugin for WordPress, which provides Gutenberg blocks and page builder functionality. The vulnerability arises from improper neutralization of user input in the Google Maps widget, where user-supplied attributes are not adequately sanitized or escaped before being rendered in web pages. This flaw allows authenticated attackers with contributor-level permissions or higher to inject arbitrary JavaScript code that is persistently stored and executed in the context of any user accessing the affected page. The attack vector requires no user interaction beyond visiting the compromised page, and the vulnerability scope is broad since it affects all versions up to and including 1.1.0. The CVSS 3.1 base score is 6.4, reflecting network attack vector, low attack complexity, privileges required (low), no user interaction, and impacts on confidentiality and integrity but not availability. While no public exploits are currently known, the vulnerability poses a significant risk because contributor-level access is commonly granted in collaborative WordPress environments, and exploitation could lead to session hijacking, defacement, or further exploitation such as privilege escalation or malware distribution. The vulnerability was published on September 30, 2025, and no official patches or updates have been linked yet, indicating the need for immediate attention from administrators using this plugin.
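The escaping gap the summary describes, shown as an added PHP example that is not the Nexa Blocks plugin's own code: a dynamic-block render callback that interpolates contributor-controlled attributes straight into markup, beside the escaped form. The block name, attribute names and function names are assumptions; esc_attr(), esc_url(), esc_html() and absint() are WordPress core functions.

```php
<?php
// Added example, not the Nexa Blocks plugin's code. Block name, attribute names
// and function names are hypothetical; the escaping functions are WordPress core.
//
// Why the callback must escape: block attributes are stored as JSON inside the
// block delimiter comment in post_content. The kses filtering applied to posts
// saved by contributors (who lack unfiltered_html) does not rewrite that JSON,
// so whatever the callback echoes is exactly what every visitor receives.

/** UNSAFE: attribute values are interpolated straight into the markup. */
function example_map_render_unsafe( array $attrs ): string {
	$address = $attrs['address'] ?? '';
	$src     = $attrs['embedUrl'] ?? '';
	$caption = $attrs['caption'] ?? '';
	$zoom    = $attrs['zoom'] ?? 14;
	return '<figure class="map" data-address="' . $address . '" data-zoom="' . $zoom . '">'
		. '<iframe src="' . $src . '" loading="lazy"></iframe>'
		. '<figcaption>' . $caption . '</figcaption></figure>';
}

/** HARDENED: each value is coerced or escaped for the context it lands in. */
function example_map_render_safe( array $attrs ): string {
	$address = esc_attr( $attrs['address'] ?? '' );                    // attribute context
	$src     = esc_url( $attrs['embedUrl'] ?? '', array( 'https' ) );  // URL context, https only
	$caption = esc_html( $attrs['caption'] ?? '' );                    // text node context
	$zoom    = min( max( absint( $attrs['zoom'] ?? 14 ), 1 ), 21 );    // integer within map zoom range
	if ( '' === $src ) {
		return ''; // esc_url() returns '' for a disallowed scheme: render nothing, not a broken frame
	}
	return '<figure class="map" data-address="' . $address . '" data-zoom="' . $zoom . '">'
		. '<iframe src="' . $src . '" loading="lazy"></iframe>'
		. '<figcaption>' . $caption . '</figcaption></figure>';
}

add_action( 'init', function () {
	register_block_type( 'example/google-map', array(
		'attributes'      => array(
			'address'  => array( 'type' => 'string', 'default' => '' ),
			'embedUrl' => array( 'type' => 'string', 'default' => '' ),
			'caption'  => array( 'type' => 'string', 'default' => '' ),
			'zoom'     => array( 'type' => 'integer', 'default' => 14 ),
		),
		'render_callback' => 'example_map_render_safe', // never the unsafe variant
	) );
} );
```

The escaping function has to match the output context (attribute, URL, text node); a single generic sanitizer at save time does not cover all three, which is why the fix belongs in the render path.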
Potential Impact
For European organizations, this vulnerability can lead to unauthorized script execution within their WordPress sites, compromising user sessions, stealing sensitive data, or defacing websites. Given WordPress's widespread use in Europe for corporate, governmental, and small business websites, exploitation could damage organizational reputation, lead to data breaches, and disrupt services. The requirement for contributor-level access means insider threats or compromised accounts could be leveraged to exploit this vulnerability. Additionally, the persistent nature of stored XSS increases the risk of widespread impact across multiple users and sessions. Organizations in sectors with strict data protection regulations such as GDPR may face compliance issues and legal consequences if user data is compromised. The lack of known exploits currently provides a window for proactive mitigation, but the medium severity score indicates that the threat should not be underestimated.
Mitigation Recommendations
European organizations should immediately audit their WordPress installations to identify the presence of the Nexa Blocks plugin and verify the version in use. Since no official patches are currently linked, temporary mitigations include disabling or removing the Google Maps widget within the plugin or the entire plugin if feasible. Restrict contributor-level access strictly to trusted users and implement multi-factor authentication to reduce the risk of account compromise. Employ Web Application Firewalls (WAFs) with custom rules to detect and block suspicious script injection attempts targeting the affected widget. Regularly monitor website content for unauthorized script injections and conduct security scans focusing on XSS vulnerabilities. Educate content contributors about the risks of injecting untrusted content and enforce strict content validation policies. Stay updated with vendor announcements for patches or updates addressing this vulnerability and apply them promptly once available.
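One way to carry out the interim mitigation (hide the widget from the editor, neutralise instances already stored in posts, and self-disable once a fixed version is installed), as an added mu-plugin example that is not vendor code. The block name and plugin file path are placeholders; take the real values from the installed plugin's block.json and main file header before deploying.

```php
<?php
/**
 * Plugin Name: Interim mitigation for CVE-2025-8624 (added example, not vendor code)
 *
 * Drop into wp-content/mu-plugins/. While the installed Nexa Blocks version is
 * within the affected range (<= 1.1.0 per the advisory) this file:
 *  1. removes the Google Maps block from the editor so no new instances are created;
 *  2. suppresses the output of instances already saved in post_content.
 * Once a fixed version is installed the checks below become no-ops.
 */

const EXAMPLE_NEXA_MAP_BLOCK   = 'nexa-blocks/google-map';      // hypothetical block name
const EXAMPLE_NEXA_PLUGIN_FILE = 'nexa-blocks/nexa-blocks.php'; // hypothetical plugin path
const EXAMPLE_NEXA_LAST_BAD    = '1.1.0';                       // last affected version (advisory)

/** True while the installed plugin version is still within the affected range. */
function example_nexa_is_affected(): bool {
	static $affected = null;
	if ( null !== $affected ) {
		return $affected; // checked once per request
	}
	$file = WP_PLUGIN_DIR . '/' . EXAMPLE_NEXA_PLUGIN_FILE;
	if ( ! file_exists( $file ) ) {
		return $affected = false; // plugin not installed: nothing to mitigate
	}
	if ( ! function_exists( 'get_plugin_data' ) ) {
		require_once ABSPATH . 'wp-admin/includes/plugin.php';
	}
	$data     = get_plugin_data( $file, false, false );
	$affected = version_compare( $data['Version'], EXAMPLE_NEXA_LAST_BAD, '<=' );
	return $affected;
}

// 1. Keep the block out of the editor's inserter.
add_filter( 'allowed_block_types_all', function ( $allowed, $context ) {
	if ( ! example_nexa_is_affected() ) {
		return $allowed;
	}
	if ( true === $allowed ) { // "everything allowed": materialise the server-side registry first
		// Caveat: blocks registered only in JavaScript are not in this registry; list them explicitly if needed.
		$allowed = array_keys( WP_Block_Type_Registry::get_instance()->get_all_registered() );
	}
	return array_values( array_diff( (array) $allowed, array( EXAMPLE_NEXA_MAP_BLOCK ) ) );
}, 20, 2 );

// 2. Blank the output of instances that are already stored in posts.
add_filter( 'render_block', function ( $content, $block ) {
	if ( ( $block['blockName'] ?? '' ) === EXAMPLE_NEXA_MAP_BLOCK && example_nexa_is_affected() ) {
		return ''; // nothing from the affected widget reaches the page
	}
	return $content;
}, 10, 2 );
```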
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-08-05T21:21:26.123Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68db52afa473ffe031e447df
Added to database: 9/30/2025, 3:46:55 AM
Last enriched: 10/7/2025, 11:36:33 AM
Last updated: 11/14/2025, 6:41:30 PM