WordPress MaxiBlocks Builder | 17,000+ Design Assets, Patterns, Icons & Starter Sites plugin <= 2.1.9 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin MaxiBlocks versions = 2.1.9...

CVE-2026-2028

The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary media file deletion due to insufficient file ownership validation on the 'maxiremovecustomimagesize' AJAX action in all versions up to, and including, 2.1.8. This makes it possible for authenticated attackers, with Author-leve...

EUVD-2026-25372

The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary media file deletion due to insufficient file ownership validation on the 'maxiremovecustomimagesize' AJAX action in all versions up to, and including, 2.1.8. This makes it possible for authenticated attackers, with Author-leve...

CVE-2026-2028

The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary media file deletion due to insufficient file ownership validation on the 'maxiremovecustomimagesize' AJAX action in all versions up to, and including, 2.1.8. This makes it possible for authenticated attackers, with Author-leve...

PT-2026-34842

The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary media file deletion due to insufficient file ownership validation on the 'maxi remove custom image size' AJAX action in all versions up to, and including, 2.1.8. This makes it possible for authenticated attackers, with...

WordPress plugin MaxiBlocks Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress MaxiBlocks Builder plugin <= 2.1.8 - Missing Authorization to Authenticated (Author+) Media File Deletion vulnerability

Missing Authorization to Authenticated Author+ Media File Deletion vulnerability discovered by Teerachai Somprasong in WordPress Plugin MaxiBlocks versions = 2.1.8...