CVE-2025-30952: 
WordPress vulnerability analysis and mitigation

A stored Cross-Site Scripting (XSS) vulnerability was discovered in wpdive Nexa Blocks plugin versions through 1.1.0. The vulnerability was disclosed on June 6, 2025, and assigned identifier CVE-2025-30952 (NVD, Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (CWE-79). It has been assigned a CVSS v3.1 Base Score of 6.5 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. The vulnerability requires Contributor or higher privileges to exploit (NVD).

This vulnerability could allow authenticated attackers with Contributor or higher privileges to inject malicious scripts into the website. When executed, these scripts could lead to various security impacts including redirects, unauthorized advertisements, and execution of other malicious HTML payloads when visitors access the affected site (Patchstack).

As of the disclosure date, no official fix is available for this vulnerability. Given the low severity impact and exploitation likelihood, immediate mitigation may not be critical, but users should monitor for updates (Patchstack).