CVE-2025-26998

Name of the Vulnerable Software and Affected Versions SKT Blocks – Gutenberg based Page Builder versions 1.8 and earlier

Description The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting. This allows for Stored XSS attacks.

Recommendations For SKT Blocks – Gutenberg based Page Builder versions 1.8 and earlier, consider disabling the affected page builder functionality until a patch is available. Restrict access to the page builder module to minimize the risk of exploitation. Avoid using user-inputted data in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.