CVE-2025-48270: 
WordPress vulnerability analysis and mitigation

A DOM-Based Cross-site Scripting (XSS) vulnerability has been identified in sonalsinha21 SKT Blocks, affecting versions through 2.2. The vulnerability was discovered on May 19, 2025, and was assigned identifier CVE-2025-48270. This security issue impacts the SKT Blocks WordPress plugin, allowing potential exploitation through DOM-based XSS attacks (Patchstack).

The vulnerability has been classified with a CVSS v3.1 Base Score of 6.5 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. This indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction. The scope is changed, with low impact on confidentiality, integrity, and availability (NVD).

If exploited, this vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when guests visit the affected site, potentially compromising user data and website integrity (Patchstack).

The vulnerability has been patched in version 2.3 of SKT Blocks. Users are advised to update to version 2.3 or later to remove the vulnerability. For users unable to update immediately, no alternative workarounds have been provided (Patchstack).