Lucene search
K

33 matches found

Patchstack
Patchstack
added 2026/06/11 11:24 a.m.12 views

WordPress Lazy Blocks plugin < 4.3.0 - Admin+ Stored XSS via Custom Block Frontend HTML vulnerability

Admin+ Stored XSS via Custom Block Frontend HTML vulnerability discovered by Luca Jungnickel in WordPress Plugin Lazy Blocks versions 4.3.0...

3.5CVSS5.4AI score0.00138EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.10 views

CVE-2026-8981

The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfilteredhtml capability across all paths that write to its block template code fields, allowing administrators on multisite installations or single-site installs with DISALLOWUNFILTEREDHTML defined to inject...

3.5CVSS5.7AI score0.00138EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 6:16 a.m.13 views

CVE-2026-8981

The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfilteredhtml capability across all paths that write to its block template code fields, allowing administrators on multisite installations or single-site installs with DISALLOWUNFILTEREDHTML defined to inject...

3.5CVSS0.00138EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 6:0 a.m.37 views

CVE-2026-8981 Lazy Blocks < 4.3.0 - Admin+ Stored XSS via Custom Block Frontend HTML

The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfilteredhtml capability across all paths that write to its block template code fields, allowing administrators on multisite installations or single-site installs with DISALLOWUNFILTEREDHTML defined to inject...

0.00138EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 6:0 a.m.8 views

CVE-2026-8981 Lazy Blocks < 4.3.0 - Admin+ Stored XSS via Custom Block Frontend HTML

The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfilteredhtml capability across all paths that write to its block template code fields, allowing administrators on multisite installations or single-site installs with DISALLOWUNFILTEREDHTML defined to inject...

5.7AI score0.00138EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 6:0 a.m.12 views

EUVD-2026-35352

The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfilteredhtml capability across all paths that write to its block template code fields, allowing administrators on multisite installations or single-site installs with DISALLOWUNFILTEREDHTML defined to inject...

3.5CVSS5.7AI score0.00138EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.13 views

PT-2026-47690

The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfiltered html capability across all paths that write to its block template code fields, allowing administrators on multisite installations or single-site installs with DISALLOW UNFILTERED HTML defined to inje...

5.7AI score0.00138EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.14 views

WordPress plugin Custom Block Builder 跨站脚本漏洞

WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed on a website. The WordPress Plugin Custom Block Builder has a cross-site...

3.5CVSS6.1AI score0.00138EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/12 1:42 p.m.9 views

CVE-2026-1560

The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.0 via multiple functions in the 'LazyBlocksBlocks' class. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

8.8CVSS5.9AI score0.09093EPSS
Exploits1References1
NVD
NVD
added 2026/02/11 9:15 a.m.13 views

CVE-2026-1560

The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.0 via multiple functions in the 'LazyBlocksBlocks' class. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

8.8CVSS0.09093EPSS
Exploits1References5
CVE
CVE
added 2026/02/11 8:26 a.m.27 views

CVE-2026-1560

The CVE covers the Custom Block Builder – Lazy Blocks plugin for WordPress, with RCE in all versions up to 4.2.0 via multiple functions in the LazyBlocks_Blocks class. Exploitation requires authenticated access at Contributor level or higher, enabling code execution on the server. The description...

8.8CVSS5.9AI score0.09093EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/02/11 8:26 a.m.7 views

CVE-2026-1560 Custom Block Builder – Lazy Blocks <= 4.2.0 - Authenticated (Contributor+) Remote Code Execution

The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.0 via multiple functions in the 'LazyBlocksBlocks' class. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

8.8CVSS5.9AI score0.09093EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/02/11 8:26 a.m.29 views

CVE-2026-1560 Custom Block Builder – Lazy Blocks <= 4.2.0 - Authenticated (Contributor+) Remote Code Execution

The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.0 via multiple functions in the 'LazyBlocksBlocks' class. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

8.8CVSS0.09093EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.10 views

PT-2026-7490

Name of the Vulnerable Software and Affected Versions Custom Block Builder – Lazy Blocks versions prior to 4.2.1 Description The Custom Block Builder – Lazy Blocks plugin for WordPress has a flaw that allows for Remote Code Execution. An authenticated attacker with Contributor-level access or...

8.8CVSS5.8AI score0.09093EPSS
Exploits1References11
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/06/29 10:58 a.m.4 views

Malicious code in @checkbox-technology-pty-ltd/custom-block-kit (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ba31877b88dff4452a6868ad1ecebb0757a820bf7bf3cb5b52205da653a20624 The OpenSSF Package Analysis project identified...

6.9AI score
Exploits0
NVD
NVD
added 2025/02/26 1:15 p.m.8 views

CVE-2024-12878

The Custom Block Builder WordPress plugin before 3.8.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS0.00593EPSS
Exploits1References1
OSV
OSV
added 2025/02/26 1:15 p.m.4 views

CVE-2024-12878

The Custom Block Builder WordPress plugin before 3.8.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.8AI score0.00593EPSS
Exploits1References1
CVE
CVE
added 2025/02/26 6:0 a.m.66 views

CVE-2024-12878

CVE-2024-12878 affects the WordPress plugin Custom Block Builder (Lazy Blocks) up to version 3.8.3. The vulnerability is a Reflected XSS caused by insufficient sanitisation/escaping of an input parameter before it is output on the page, potentially enabling an attacker to target high-privilege us...

7.1CVSS7AI score0.00593EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/02/26 6:0 a.m.17 views

CVE-2024-12878 Custom Block Builder – Lazy Blocks < 3.8.3 - Reflected XSS

The Custom Block Builder WordPress plugin before 3.8.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

0.00593EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/02/26 6:0 a.m.9 views

CVE-2024-12878 Custom Block Builder – Lazy Blocks < 3.8.3 - Reflected XSS

The Custom Block Builder WordPress plugin before 3.8.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.5AI score0.00593EPSS
Exploits1References1
Rows per page
Query Builder