CVE-2026-2028

The MaxiBlocks Builder plugin for WordPress contains an issue where the maxi_remove_custom_image_size AJAX action inadequately validates file ownership, allowing authenticated users with Author-level access or higher to delete arbitrary files in wp-content/uploads (including files from others/adm...

EUVD-2026-3769

Malicious code in blocks-builder-manifest-generator npm...

Malicious Package

Overview blocks-builder-manifest-generator is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

Malicious code in blocks-builder-manifest-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 30f5efa34a1c44d974502110177cb7a60daf579349ed25937e66e342f7f7c24f The package blocks-builder-manifest-generator was found to contain malicious code. Source: ghsa-malware...

MAL-2026-385 Malicious code in blocks-builder-manifest-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 30f5efa34a1c44d974502110177cb7a60daf579349ed25937e66e342f7f7c24f The package blocks-builder-manifest-generator was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-3014

Malicious code in bioql PyPI...

CVE-2025-22810

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Phi Phan Content Blocks Builder content-blocks-builder allows Stored XSS.This issue affects Content Blocks Builder: from n/a through = 2.7.6...

CVE-2025-22810

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Phi Phan Content Blocks Builder content-blocks-builder allows Stored XSS.This issue affects Content Blocks Builder: from n/a through = 2.7.6...

CVE-2025-22810 WordPress Content Blocks Builder plugin <= 2.7.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CBB Team Content Blocks Builder allows Stored XSS.This issue affects Content Blocks Builder: from n/a through 2.7.6...

CVE-2025-22810

CVE-2025-22810 affects Content Blocks Builder (WordPress) up to version 2.7.6. It is a Stored XSS in web page generation due to Improper Neutralization of Input During Web Page Generation. Patch released in 2.7.6 (Patched). CVSS v3.1 base score 6.5 (Medium). References include Patchstack entry; e...

WordPress plugin Content Blocks Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-4719 · Unknown · Cbb Team Content Blocks Builder

Name of the Vulnerable Software and Affected Versions: CBB Team Content Blocks Builder versions n/a through 2.7.6 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting XSS. This means that an attacker can...

WordPress Content Blocks Builder Plugin <= 2.3.16 is vulnerable to Cross Site Scripting (XSS)

Software Content Blocks Builder Type Plugin Vulnerable versions = 2.3.16 Fixed in 2.3.17 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID b2bb9ceb8c06 Credits Rafie Muhammad Patchstack...