CVE-2025-8588

Name of the Vulnerable Software and Affected Versions PublishPress Blocks plugin for WordPress versions up to and including 3.3.4

Description The plugin is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping. Specifically, the 'Marker Title' and 'Marker Description' parameters within the Maps block are affected. An authenticated attacker with contributor-level access or higher can inject malicious web scripts into pages. These scripts will then execute when any user accesses the compromised page.

Recommendations Update the PublishPress Blocks plugin to a version beyond 3.3.4.