CVE-2025-8567: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2025-8567 affects Nexter Blocks WordPress plugin versions 4.5.4 and below. This security issue was discovered by researcher zer0gh0st and was disclosed on August 18, 2025. The vulnerability is classified as an Authenticated Stored Cross-Site Scripting (XSS) vulnerability that affects multiple widgets within the plugin (Wordfence Threat Intel).

The vulnerability is rated with a CVSS score of 6.4, indicating a medium severity level. It specifically involves a Stored Cross-Site Scripting vulnerability that can be exploited by authenticated users with Contributor level permissions or higher through multiple widgets in the Nexter Blocks plugin (Wordfence Threat Intel).

The vulnerability allows authenticated users with Contributor or higher privileges to inject and store malicious scripts through multiple widgets, which could potentially be executed when other users view the affected pages. This could lead to unauthorized actions being performed in the context of other users' sessions (Wordfence Threat Intel).

The vulnerability was addressed in version 4.5.5 of the Nexter Blocks plugin, released on August 11, 2025. Users are strongly advised to update to this version or later to protect against this security issue (WordPress Plugin).