Medium severity6.5NVD Advisory· Published May 7, 2025· Updated Apr 23, 2026

CVE-2025-47493

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ultimate Blocks Ultimate Blocks ultimate-blocks allows DOM-Based XSS.This issue affects Ultimate Blocks: from n/a through <= 3.2.9.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

DOM-based XSS in Ultimate Blocks WordPress plugin (≤3.2.9) allows attackers to inject malicious scripts via improper input neutralization.

Vulnerability

Overview

CVE-2025-47493 is a DOM-based Cross-Site Scripting (XSS) vulnerability in the Ultimate Blocks plugin for WordPress, affecting versions up to and including 3.2.9. The root cause is improper neutralization of user input during web page generation, enabling the injection of arbitrary JavaScript into the DOM [1].

References

Cross Site Scripting (XSS) in WordPress Ultimate Blocks Plugin

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

WordPress/Ultimate Blocksllm-fuzzy
Range: <=3.2.9
Package: https://wordpress.org/plugins/ultimate-blocks

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

patchstack.com/database/Wordpress/Plugin/ultimate-blocks/vulnerability/wordpress-ultimate-blocks-3-2-9-cross-site-scripting-xss-vulnerabilitynvd

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000