20 matches found
CVE-2026-8981
The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfilteredhtml capability across all paths that write to its block template code fields, allowing administrators on multisite installations or single-site installs with DISALLOWUNFILTEREDHTML defined to inject...
CVE-2026-8981
The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfilteredhtml capability across all paths that write to its block template code fields, allowing administrators on multisite installations or single-site installs with DISALLOWUNFILTEREDHTML defined to inject...
CVE-2026-8981 Lazy Blocks < 4.3.0 - Admin+ Stored XSS via Custom Block Frontend HTML
The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfilteredhtml capability across all paths that write to its block template code fields, allowing administrators on multisite installations or single-site installs with DISALLOWUNFILTEREDHTML defined to inject...
CVE-2026-8981 Lazy Blocks < 4.3.0 - Admin+ Stored XSS via Custom Block Frontend HTML
The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfilteredhtml capability across all paths that write to its block template code fields, allowing administrators on multisite installations or single-site installs with DISALLOWUNFILTEREDHTML defined to inject...
EUVD-2026-35352
The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfilteredhtml capability across all paths that write to its block template code fields, allowing administrators on multisite installations or single-site installs with DISALLOWUNFILTEREDHTML defined to inject...
PT-2026-47690
The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfiltered html capability across all paths that write to its block template code fields, allowing administrators on multisite installations or single-site installs with DISALLOW UNFILTERED HTML defined to inje...
WordPress plugin Custom Block Builder 跨站脚本漏洞
WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed on a website. The WordPress Plugin Custom Block Builder has a cross-site...
CVE-2026-1560
The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.0 via multiple functions in the 'LazyBlocksBlocks' class. This makes it possible for authenticated attackers, with Contributor-level access and above, to...
CVE-2026-1560
The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.0 via multiple functions in the 'LazyBlocksBlocks' class. This makes it possible for authenticated attackers, with Contributor-level access and above, to...
CVE-2026-1560 Custom Block Builder – Lazy Blocks <= 4.2.0 - Authenticated (Contributor+) Remote Code Execution
The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.0 via multiple functions in the 'LazyBlocksBlocks' class. This makes it possible for authenticated attackers, with Contributor-level access and above, to...
CVE-2026-1560 Custom Block Builder – Lazy Blocks <= 4.2.0 - Authenticated (Contributor+) Remote Code Execution
The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.0 via multiple functions in the 'LazyBlocksBlocks' class. This makes it possible for authenticated attackers, with Contributor-level access and above, to...
CVE-2026-1560
The CVE covers the Custom Block Builder – Lazy Blocks plugin for WordPress, with RCE in all versions up to 4.2.0 via multiple functions in the LazyBlocks_Blocks class. Exploitation requires authenticated access at Contributor level or higher, enabling code execution on the server. The description...
PT-2026-7490
Name of the Vulnerable Software and Affected Versions Custom Block Builder – Lazy Blocks versions prior to 4.2.1 Description The Custom Block Builder – Lazy Blocks plugin for WordPress has a flaw that allows for Remote Code Execution. An authenticated attacker with Contributor-level access or...
CVE-2024-12878
The Custom Block Builder WordPress plugin before 3.8.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-12878
The Custom Block Builder WordPress plugin before 3.8.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-12878 Custom Block Builder – Lazy Blocks < 3.8.3 - Reflected XSS
The Custom Block Builder WordPress plugin before 3.8.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-12878
CVE-2024-12878 affects the WordPress plugin Custom Block Builder (Lazy Blocks) up to version 3.8.3. The vulnerability is a Reflected XSS caused by insufficient sanitisation/escaping of an input parameter before it is output on the page, potentially enabling an attacker to target high-privilege us...
CVE-2024-12878 Custom Block Builder – Lazy Blocks < 3.8.3 - Reflected XSS
The Custom Block Builder WordPress plugin before 3.8.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress plugin Custom Block Builder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...
PT-2025-8672
Name of the Vulnerable Software and Affected Versions The Custom Block Builder WordPress plugin versions prior to 3.8.3 Description The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in...