PT-2026-36565

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the className, classHook, and blockId attributes in the Add to Cart block essential-blocks/add-to-cart in all versions up to, and including, 6.0.4. This...

PT-2026-36560

Name of the Vulnerable Software and Affected Versions Maxi Blocks versions prior to 2.2.0 Description The Maxi Blocks plugin for WordPress contains a stored cross-site scripting issue. This occurs due to insufficient input sanitization and output escaping of the sc styles parameter within the...

WordPress plugin Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

WordPress plugin Essential Blocks 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress plugin Maxi Blocks 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-2892

The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all versions up to, and including, 3.1.4. This is due to the 'getcustomerdata' method relying on an unsigned 'ostripedata' cookie to determine Stripe product ownership for unauthenticated users. The...

WordPress Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin <= 6.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Essential Blocks for Gutenberg versions = 6.0.4...

CVE-2026-31758

In the Linux kernel, the following vulnerability has been resolved: usb: usbtmc: Flush anchored URBs in usbtmcrelease When calling usbtmcrelease, pending anchored URBs must be flushed or killed to prevent use-after-free errors e.g. in the HCD giveback path. Call usbtmcdrawdown to allow anchored...

EUVD-2026-26652

In the Linux kernel, the following vulnerability has been resolved: xfs: close crash window in attr dabtree inactivation When inactivating an inode with node-format extended attributes, xfsattr3nodeinactive invalidates all child leaf/node blocks via xfstransbinval, but intentionally does not remo...

CVE-2026-43037

In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: clear skb2-cb in ip4ip6err Oskar Kjos reported the following problem. ip4ip6err calls icmpsend on a cloned skb whose cb was written by the IPv6 receive path as struct inet6skbparm. icmpsend passes IPCBskb2 to...

CVE-2026-31758

The CVE-2026-31758 entry affects the Linux kernel usbtmc implementation. The vulnerability arises when releasing USB Test & Measurement Channels: pending anchored URBs are not flushed or killed during usbtmc_release, allowing use-after-free conditions (notably in the Host Controller Driver giveba...

CVE-2026-31758 usb: usbtmc: Flush anchored URBs in usbtmc_release

In the Linux kernel, the following vulnerability has been resolved: usb: usbtmc: Flush anchored URBs in usbtmcrelease When calling usbtmcrelease, pending anchored URBs must be flushed or killed to prevent use-after-free errors e.g. in the HCD giveback path. Call usbtmcdrawdown to allow anchored...

EUVD-2026-26571

In the Linux kernel, the following vulnerability has been resolved: usb: usbtmc: Flush anchored URBs in usbtmcrelease When calling usbtmcrelease, pending anchored URBs must be flushed or killed to prevent use-after-free errors e.g. in the HCD giveback path. Call usbtmcdrawdown to allow anchored...

CVE-2026-31758

In the Linux kernel, the following vulnerability has been resolved: usb: usbtmc: Flush anchored URBs in usbtmcrelease When calling usbtmcrelease, pending anchored URBs must be flushed or killed to prevent use-after-free errors e.g. in the HCD giveback path. Call usbtmcdrawdown to allow anchored...

WordPress bBlocks – Essential Gutenberg Blocks & Patterns Collection plugin <= 1.9.8 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin B Blocks versions = 1.9.8...

WordPress Mixed Media Gallery Blocks plugin <= 3.2.4.4 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin SimpLy Gallery versions = 3.2.4.4...

WordPress Otter Blocks plugin <= 3.1.4 - Improper Authorization to Unauthenticated Purchase Verification Bypass via Forged Cookie vulnerability

Improper Authorization to Unauthenticated Purchase Verification Bypass via Forged Cookie vulnerability discovered by Drew Webber mcdruid in WordPress Plugin Otter - Gutenberg Block versions = 3.1.4...

CVE-2026-2892

The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all versions up to, and including, 3.1.4. This is due to the 'getcustomerdata' method relying on an unsigned 'ostripedata' cookie to determine Stripe product ownership for unauthenticated users. The...

CVE-2026-2892 Otter Blocks <= 3.1.4 - Improper Authorization to Unauthenticated Purchase Verification Bypass via Forged Cookie

The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all versions up to, and including, 3.1.4. This is due to the 'getcustomerdata' method relying on an unsigned 'ostripedata' cookie to determine Stripe product ownership for unauthenticated users. The...

CVE-2026-2892

Summary (CVE-2026-2892): The Otter Blocks WordPress plugin (all versions up to 3.1.4) is vulnerable to a Purchase Verification Bypass. The root cause is the get_customer_data function relying on an unsigned o_stripe_data cookie to determine Stripe product ownership for unauthenticated users, whil...