CVE-2025-4587

Name of the Vulnerable Software and Affected Versions: A/B Testing for WordPress plugin versions up to and including 1.18.2

Description: The issue is related to stored cross-site scripting due to insufficient input sanitization and output escaping on the id parameter in the 'ab-testing-for-wp/ab-test-block' block. This allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts in pages that will execute when a user accesses an injected page.

Recommendations: For versions up to and including 1.18.2, update to a version higher than 1.18.2 to resolve the issue. As a temporary workaround, consider restricting access to the 'ab-testing-for-wp/ab-test-block' block to minimize the risk of exploitation. Avoid using the id parameter in the affected block until the issue is resolved.