CVE-2025-8567
Published
CVSS v3: 6.4 MEDIUM
CVSS v2: N/A
Affected: 1 project
Description
The Nexter Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 4.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
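As an added illustration of the flaw class the description names (this is not Nexter Blocks' own code and does not reproduce the affected widgets), below is a hypothetical dynamic-block render callback in its unescaped shape beside the escaped one; the block name, function names and attribute names are assumptions.

```php
<?php
// Hypothetical dynamic block (example code, not the plugin's own).
// Block attributes are authored in post content, which Contributor-level users
// can write, so every attribute is untrusted when the block is rendered.

// Unescaped shape: the "insufficient output escaping" pattern. Attribute values
// are concatenated straight into markup in three different contexts.
function example_render_infobox_unsafe( array $attributes ): string {
	$title = $attributes['title'] ?? '';
	$link  = $attributes['link'] ?? '#';
	$cls   = $attributes['className'] ?? '';
	return '<div class="infobox ' . $cls . '"><a href="' . $link . '">' . $title . '</a></div>';
}

// Escaped shape: escape at the point of output with the escaper that matches
// the context the value lands in. One escaper does not fit all three contexts.
function example_render_infobox( array $attributes ): string {
	$title = $attributes['title'] ?? '';
	$link  = $attributes['link'] ?? '#';
	$cls   = $attributes['className'] ?? '';
	return sprintf(
		'<div class="infobox %s"><a href="%s">%s</a></div>',
		esc_attr( $cls ),       // HTML attribute context
		esc_url( $link ),       // URL context: only allowed protocols survive
		wp_kses_post( $title )  // HTML body context: post-safe tags only, no scripts or event handlers
	);
}

add_action( 'init', function () {
	// Declared attribute types are coerced by the editor and REST layer, but type
	// coercion is not sanitization: a "string" attribute can still carry markup.
	// Filtering applied to the post body on save does not replace escaping here,
	// because the attributes are stored as JSON, not as the rendered HTML.
	register_block_type( 'example/infobox', array(
		'attributes'      => array(
			'title'     => array( 'type' => 'string', 'default' => '' ),
			'link'      => array( 'type' => 'string', 'default' => '#' ),
			'className' => array( 'type' => 'string', 'default' => '' ),
		),
		'render_callback' => 'example_render_infobox',
	) );
} );
```

When reviewing a block plugin for this class of bug, the check is the same for every render callback: each attribute that reaches output must pass through an escaper chosen for its context (esc_attr, esc_url, wp_kses_post, esc_js as appropriate), and a missing one is a finding regardless of what the editor-side JavaScript validates.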
<p>You installed WordPress. Then you installed a page builder. Then a popup plugin. Then a mega menu plugin. Then a gallery plugin, a form plugin, a team members plugin, a countdown timer plugin — and suddenly you’re managing 12 plugins, dreading every update, and wondering why your site is slow.</p>
<p><a href="https://nexterwp.com/nexter-blocks/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Nexter Blocks</a> is the answer to all of it. It’s a complete <a href="https://nexterwp.com/nexter-blocks/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">wordpress website builder</a> and <a href="https://nexterwp.com/nexter-blocks/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">wordpress page builder</a> that lives natively inside Gutenberg — 90+ blocks, built-in AI powered by ChatGPT and Gemini, popup builder, mega menu, form builder, header builder, and full theme building — all in one plugin with one dashboard, one update, and zero jQuery. Our users call it “the plugin that replaced 20 others.” That’s what we built it to be.</p>
<p>Works with Nexter Theme, Astra, Kadence, Blocksy, GeneratePress, OceanWP, Neve, Hello Elementor, and all major block themes.</p>
<p><a href="https://nexterwp.com/nexter-blocks/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Website</a> | <a href="https://nexterwp.com/wordpress-blocks/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">All Blocks Demo</a> | <a href="https://nexterwp.com/free-vs-pro/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Free vs Pro</a> | <a href="https://nexterwp.com/pricing/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Pricing</a> | <a href="https://nexterwp.com/docs/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Docs</a> | <a href="https://roadmap.nexterwp.com/" rel="nofollow ugc">Roadmap</a> | <a href="https://www.facebook.com/groups/nexterwpcommunity/" rel="nofollow ugc">Community</a> | <a href="https://wordpress.org/support/plugin/the-plus-addons-for-block-editor/#new-topic-0" rel="ugc">Free Support</a> | <a href="https://store.posimyth.com/helpdesk/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Premium Support</a> | <a href="https://nexterwp.com/chat/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">AI Chat</a> | <a href="https://www.youtube.com/c/POSIMYTHInnovations/?sub_confirmation=1" rel="nofollow ugc">Video Tutorials</a></p>
<h3>🤖 AI Website Builder Natively Inside Gutenberg</h3>
<p>No other Gutenberg blocks plugin has AI this deep. While other tools make you leave the editor to use AI, Nexter Blocks connects directly to ChatGPT (OpenAI) and Gemini — choose your preferred model in the AI settings dashboard — and runs generation inside the block editor itself. AI credits are included with Pro.</p>
<p>This is what a real <a href="https://nexterwp.com/nexter-blocks/extras/nexter-ai/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">ai website builder wordpress</a> experience looks like in 2026:</p>
<ul>
<li><a href="https://nexterwp.com/nexter-blocks/extras/nexter-ai/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">AI Content Generator</a> — Write, expand, rewrite or translate any block content with a prompt. Supports all Gutenberg text blocks. The fastest AI content workflow for Gutenberg builders.</li>
<li><a href="https://nexterwp.com/nexter-blocks/extras/nexter-ai/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">AI Image Generator</a> — Generate original images from a text prompt and drop them directly into any block. No Midjourney tab. No copy-pasting.</li>
<li><a href="https://nexterwp.com/nexter-blocks/extras/nexter-ai/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">AI Repeater Auto-Fill</a> — Populate entire repeating sections in one prompt. Fill a 6-card testimonial grid, a 4-step process, or a full FAQ accordion from a single instruction.</li>
<li><a href="https://nexterwp.com/nexter-blocks/extras/nexter-ai/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">AI Toolbar Editing</a> — Select any text in the editor. The AI toolbar appears. Improve, shorten, translate, or rewrite without leaving the block.</li>
<li><a href="https://nexterwp.com/nexter-blocks/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">1000+ AI-Ready Website Templates</a> — Import a full site template, let AI fill every content section with your brand voice, and go live in hours — not days.</li>
</ul>
<h3>🏗️ Full Gutenberg Page Builder — Popups, Mega Menus, Headers & More</h3>
<p>Most people are surprised to discover that Nexter Blocks is a complete <a href="https://nexterwp.com/nexter-blocks/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">gutenberg page builder</a> — not just a block collection. Every major site-building capability is built in, without any additional plugin or third-party dependency.</p>
<h3>Popup Builder</h3>
<p>The built-in <a href="https://nexterwp.com/nexter-blocks/builder/wordpress-popup-builder/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">wordpress popup builder</a> covers 6 popup types (modal, slide-in, bar, full screen, inline, and widget), 10+ trigger conditions (scroll, exit intent, click, time delay, inactivity, URL, device, cookie, login status), and 16+ display rules. Build any popup directly in the Gutenberg editor. Design it like a page. No separate popup plugin needed.</p>
<h3>Mega Menu Builder</h3>
<p>The <a href="https://nexterwp.com/nexter-blocks/builder/wordpress-mega-menu/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">wordpress mega menu</a> builder lets you design horizontal and vertical mega menus with full Gutenberg block content inside every dropdown panel — images, icons, columns, CTAs. No code. No third-party mega menu plugin required.</p>
<h3>Header Builder</h3>
<p>Design sticky, transparent, and scroll-triggered headers that are completely independent of your theme. Combine with the <a href="https://nexterwp.com/nexter-blocks/builder/wordpress-header-effects/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Sticky Header Scrolling Effect</a>, color-change-on-scroll, nested sticky effects, and transparent header variants for effects that used to require a premium theme.</p>
<h3>Form Builder</h3>
<p>A full <a href="https://nexterwp.com/nexter-blocks/builder/wordpress-form-builder/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">wordpress form builder</a> block in Gutenberg — contact forms, newsletter signups, lead forms. Mailchimp integration built in. No WPForms or Contact Form 7 required for basic form needs.</p>
<h3>Blog Builder, Ajax Search & Navigation</h3>
<p><a href="https://nexterwp.com/nexter-blocks/builder/wordpress-blog-builder/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Blog Builder</a> for fully custom blog archive layouts, <a href="https://nexterwp.com/nexter-blocks/builder/wordpress-ajax-search-bar/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Ajax Search Bar</a> for real-time live search across posts and WooCommerce, <a href="https://nexterwp.com/nexter-blocks/builder/wordpress-navigation-menu/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Navigation Menu</a>, and <a href="https://nexterwp.com/nexter-blocks/builder/wordpress-mobile-menu/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Mobile Menu</a> with slide-in, toggle, and dropdown variants.</p>
<h3>Dynamic Post Grid Builder</h3>
<p>A drag-and-drop skin builder for any post type, CPT, or WooCommerce product — build fully custom grid, carousel, masonry, and metro layouts without touching code. <a href="https://nexterwp.com/nexter-blocks/builder/wordpress-custom-post-listing/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Learn more</a>.</p>
<h3>👑 Why Serious WordPress Builders Choose Nexter Blocks</h3>
<h3>Performance: Zero jQuery, Pure Vanilla JS</h3>
<p>Every block is a separate module. Disable it, and it loads zero CSS and zero JavaScript on the front end. Enable only what you need. One CSS file and one JS file load per page regardless of how many blocks are active. Vanilla JS throughout — no jQuery dependency means no jQuery debt. This is why our users score Core Web Vitals in the green while other block plugins struggle.</p>
<h3><a href="https://nexterwp.com/nexter-blocks/extras/wordpress-global-block-style/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Global Block Styles</a> — Site-Wide Design Control</h3>
<p>Change one setting, update every instance of that block across your entire site. Global Block Styles is the feature that turns 90 blocks into a consistent design system — not 90 separate styling decisions to maintain.</p>
<h3><a href="https://nexterwp.com/nexter-blocks/extras/wordpress-display-conditional-rules/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Display Conditions</a> — Show the Right Content to the Right Person</h3>
<p>Show or hide any block based on user role, login status, device type, ACF field value, URL parameter, post category, WooCommerce cart status, and 20+ more conditions. Build personalized pages without a membership plugin.</p>
<h3><a href="https://nexterwp.com/nexter-blocks/extras/wordpress-cross-domain-live-copy-paste-content/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Cross-Domain Live Copy-Paste</a> — Unique to Nexter Blocks</h3>
<p>Copy any styled section from one WordPress site and paste it — live, with all styles — into a completely different site. No plugin on the market does this. It is the single most requested feature by agency users managing multiple client sites.</p>
<h3>ACF, WooCommerce, WPML & Multisite Ready</h3>
<p><a href="https://nexterwp.com/nexter-blocks/extras/wordpress-dynamic-content/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Dynamic Content (Pro)</a> pulls live data from ACF, Toolset, Pods, and native WordPress custom fields into any block. Full WooCommerce integration. WPML, RTL, and Multisite supported. Security audited by Patchstack.</p>
<h3><a href="https://nexterwp.com/nexter-blocks/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">1000+ Gutenberg Block Templates</a></h3>
<p>Full starter site kits, section templates, and per-block presets — importable in one click. Built by professional designers. Compatible with AI Auto-Fill so you can use a starter template as a structure and let AI write the content.</p>
<h3>⭐ What Our Users Say</h3>
<p>★★★★★ “Superb collection of Gutenberg blocks… support is amongst the best I’ve ever experienced.” — <a href="https://wordpress.org/support/topic/fantastic-array-of-gutenberg-goodness/" rel="ugc">@captainretro</a></p>
<p>★★★★★ “Massive collection of Blocks. One of the best gutenberg addons in WordPress. Used on more than 10 client websites.” — <a href="https://wordpress.org/support/topic/its-time-ahead-phenomenal-block-builder-addon-plugin/" rel="ugc">@vincentbao</a></p>
<p><a href="https://wordpress.org/plugins/the-plus-addons-for-block-editor/#reviews" rel="ugc">Read All Reviews on WordPress.org</a></p>
<h3>🆓 45+ Free Gutenberg Blocks</h3>
<h4>Layout & Structure</h4>
<ul>
<li><a href="https://nexterwp.com/nexter-blocks/blocks/wordpress-container/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Flexbox Container</a> — full flexbox layout control, the foundation of every page</li>
<li><a href="https://nexterwp.com/nexter-blocks/blocks/wordpress-section-background/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Section Background</a> — video, gradient, image, and parallax section backgrounds</li>
<li><a href="https://nexterwp.com/nexter-blocks/blocks/wordpress-spacer/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Spacer</a></li>
</ul>
<h4>Typography & Heading Blocks</h4>
<ul>
<li><a href="https://nexterwp.com/nexter-blocks/blocks/wordpress-title-block/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Advanced Heading</a> — gradient text, animated typing, split, highlight, and stroke effects on any heading</li>
<li><a href="https://nexterwp.com/nexter-blocks/blocks/wordpress-heading/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Heading</a> | <a href="https://nexterwp.com/nexter-blocks/blocks/wordpress-pro-paragraph/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Pro Paragraph</a> | <a href="https://nexterwp.com/nexter-blocks/blocks/wordpress-blockquote-block/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Block Quote</a> | <a href="https://nexterwp.com/nexter-blocks/blocks/wordpress-message-box/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Message Box</a> | <a href="https://nexterwp.com/nexter-blocks/blocks/wordpress-source-code-syntax-highlighter/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Source Code Syntax Highlighter</a></li>
</ul>
<h4>Accordion, Tabs & Interactive UI</h4>
<ul>
<li><a href="https://nexterwp.com/nexter-blocks/blocks/wordpress-accordion-toggle/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Accordion Toggle</a> — the <a href="https://nexterwp.com/nexter-blocks/blocks/wordpress-accordion-toggle/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">wordpress accordion plugin</a> experience built into Gutenberg, with FAQ schema markup for SEO</li>
<li><a href="https://nexterwp.com/nexter-blocks/blocks/wordpress-tab-content/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Tab Content</a> — horizontal and vertical tabs with full Gutenberg blocks inside each panel</li>
<li><a href="https://nexterwp.com/nexter-blocks/blocks/wordpress-infobox/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Infobox & Iconbox</a> — service cards and feature boxes with icon, image, and hover animation support</li>
<li><a href="https://nexterwp.com/nexter-blocks/blocks/wordpress-flipbox/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Flipbox</a> — animated front-back flip cards for services, team, and portfolio</li>
<li><a href="https://nexterwp.com/nexter-blocks/blocks/hover-card-animations-wordpress/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Hover Card Animations</a> | <a href="https://nexterwp.com/nexter-blocks/blocks/wordpress-dark-mode-switcher/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Dark Mode Switcher</a> | <a href="https://nexterwp.com/nexter-blocks/blocks/wordpress-interactive-circle-infographic/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Interactive Circle Infographic</a></li>
</ul>
<h4>Conversion & Sales Blocks</h4>
<p>These are the blocks that turn pages into revenue. Every one is optimized for performance and built with SEO and conversion in mind.</p>
<ul>
<li><a href="https://nexterwp.com/nexter-blocks/blocks/wordpress-pricing-table/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Pricing Table</a> — the <a href="https://nexterwp.com/nexter-blocks/blocks/wordpress-pricing-table/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">wordpress pricing table plugin</a> experience as a native Gutenberg block. Toggle highlights, badges, feature lists, and CTA buttons — no shortcodes.</li>
<li><a href="https://nexterwp.com/nexter-blocks/blocks/wordpress-countdown-timer/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Countdown Timer</a> — <a href="https://nexterwp.com/nexter-blocks/blocks/wordpress-countdown-timer/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">wordpress countdown timer plugin</a> block with evergreen, fixed-date, and recurring modes. Adds urgency to offers and launch pages without a separate plugin.</li>
<li><a href="https://nexterwp.com/nexter-blocks/blocks/wordpress-data-table/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Data Table</a> — responsive data tables with search, sort, filter, and pagination — zero jQuery dependency</li>
<li><a href="https://nexterwp.com/nexter-blocks/blocks/wordpress-number-counter/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Number Counter</a> — animate social proof numbers on scroll: clients, projects, years of experience</li>
<li><a href="https://nexterwp.com/nexter-blocks/blocks/wordpress-progress-bar/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Progress Bar</a> | <a href="https://nexterwp.com/nexter-blocks/blocks/wordpress-pie-chart/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Pie Chart</a> | <a href="https://nexterwp.com/nexter-blocks/blocks/wordpress-stylish-list/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Stylish Icon List</a> | <a href="https://nexterwp.com/nexter-blocks/blocks/wordpress-pricing-list/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Pricing List</a> | <a href="https://nexterwp.com/nexter-blocks/blocks/wordpress-button/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Button</a> | <a href="https://nexterwp.com/nexter-blocks/blocks/wordpress-advanced-button/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Advanced Button</a></li>
</ul>
<h4>Post, Blog & Testimonials</h4>
<ul>
<li><a href="https://nexterwp.com/nexter-blocks/listing/wordpress-testimonial-reviews/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=nexterblocks" rel="nofollow ugc">Testimonial Reviews</a> — the <a href="https://nexterwp.com/nexter-blocks/listing/wordpress-testimonial-reviews/?utm_source=wordpress&utm_medium=readmepage&utm_campaign