23 matches found

CVE
added 2 days ago, 13 views

CVE-2026-8981

The CVE describes a vulnerability in the WordPress plugin Custom Block Builder (Lazy Blocks) prior to version 4.3.0. The issue arises because the plugin does not consistently check the unfiltered_html capability across all code paths that write to its block template fields, enabling an administr...

3.5 CVSS, 5.7 AI score, 0.00027 EPSS
Exploits: 0, References: 1
Cvelist
added 2 days ago, 32 views

CVE-2026-8981 Lazy Blocks < 4.3.0 - Admin+ Stored XSS via Custom Block Frontend HTML

The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfiltered_html capability across all paths that write to its block template code fields, allowing administrators on multisite installations or single-site installs with DISALLOW_UNFILTERED_HTML defined to inject...

0.00027 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/02/12 1:42 p.m., 7 views

CVE-2026-1560

The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.0 via multiple functions in the 'LazyBlocks_Blocks' class. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

8.8 CVSS, 5.9 AI score, 0.0015 EPSS
Exploits: 1, References: 1
Nuclei
added 2026/02/11 6:48 p.m., 7 views

Lazy Blocks <= 3.8.2 - Cross-Site Scripting

Custom Block Builder WordPress plugin 3.8.3 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to load malicious page. id:...

7.1 CVSS, 5.2 AI score, 0.01697 EPSS
Exploits: 1, References: 2
NVD
added 2026/02/11 9:15 a.m., 11 views

CVE-2026-1560

The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.0 via multiple functions in the 'LazyBlocks_Blocks' class. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

8.8 CVSS, 0.0015 EPSS
Exploits: 1, References: 5
Patchstack
added 2026/02/11 8:35 a.m., 9 views

WordPress Custom Block Builder - Lazy Blocks plugin <= 4.2.0 - Authenticated (Contributor+) Remote Code Execution vulnerability

WordPress Custom Block Builder - Lazy Blocks plugin <= 4.2.0 - Authenticated Contributor+ Remote Code Execution vulnerability discovered by Youssef Elouaer - ISET ZAGHOUAN in WordPress Plugin Lazy Blocks versions <= 4.2.0...

8.8 CVSS, 5.7 AI score, 0.0015 EPSS
Exploits: 1, References: 1, Affected Software: 1
CVE
added 2026/02/11 8:26 a.m., 21 views

CVE-2026-1560

The CVE covers the Custom Block Builder – Lazy Blocks plugin for WordPress, with RCE in all versions up to 4.2.0 via multiple functions in the LazyBlocks_Blocks class. Exploitation requires authenticated access at Contributor level or higher, enabling code execution on the server. The description...

8.8 CVSS, 5.9 AI score, 0.0015 EPSS
Exploits: 1, References: 5
Vulnrichment
added 2026/02/11 8:26 a.m., 6 views

CVE-2026-1560 Custom Block Builder – Lazy Blocks <= 4.2.0 - Authenticated (Contributor+) Remote Code Execution

The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.0 via multiple functions in the 'LazyBlocks_Blocks' class. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

8.8 CVSS, 5.9 AI score, 0.0015 EPSS
Exploits: 1, References: 5
ATTACKERKB
added 2026/02/11 8:26 a.m., 10 views

CVE-2026-1560

The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.0 via multiple functions in the 'LazyBlocks_Blocks' class. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

8.8 CVSS, 5.9 AI score, 0.0015 EPSS
Exploits: 1, References: 6
Cvelist
added 2026/02/11 8:26 a.m., 27 views

CVE-2026-1560 Custom Block Builder – Lazy Blocks <= 4.2.0 - Authenticated (Contributor+) Remote Code Execution

The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.0 via multiple functions in the 'LazyBlocks_Blocks' class. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

8.8 CVSS, 0.0015 EPSS
Exploits: 1, References: 5
Positive Technologies
added 2026/02/11 12:00 a.m., 7 views

PT-2026-7490

Name of the Vulnerable Software and Affected Versions: Custom Block Builder – Lazy Blocks versions prior to 4.2.1. Description: The Custom Block Builder – Lazy Blocks plugin for WordPress has a flaw that allows for Remote Code Execution. An authenticated attacker with Contributor-level access or...

8.8 CVSS, 5.8 AI score, 0.0015 EPSS
Exploits: 1, References: 11
CNNVD
added 2026/02/11 12:00 a.m., 3 views

WordPress plugin Custom Block Builder – Lazy Blocks code injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

8.8 CVSS, 6.2 AI score, 0.0015 EPSS
Exploits: 1, References: 6
GithubExploit
added 2026/02/10 9:11 p.m., 170 views

Exploit for CVE-2026-1560

CVE-2026-XXXX – Authenticated Remote Code Execution in Lazy Bl...

6.6 AI score, 0.0015 EPSS
Exploits: 1
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2025-30585

Malicious code in bioql PyPI...

4.3 CVSS, 6.5 AI score, 0.00051 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2025/09/24 6:32 p.m., 2 views

CVE-2025-58258

Missing Authorization vulnerability in nK Lazy Blocks lazy-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Lazy Blocks: from n/a through <= 4.1.0...

4.3 CVSS, 5.9 AI score, 0.00051 EPSS
Exploits: 0, References: 1
NVD
added 2025/09/22 7:16 p.m., 1 views

CVE-2025-58258

Missing Authorization vulnerability in nK Lazy Blocks lazy-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Lazy Blocks: from n/a through <= 4.1.0...

4.3 CVSS, 0.00051 EPSS
Exploits: 0, References: 1
Patchstack
added 2025/09/22 6:45 p.m., 4 views

WordPress Lazy Blocks Plugin <= 4.1.0 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by MD ISMAIL in WordPress Plugin Lazy Blocks versions <= 4.1.0...

4.3 CVSS, 6.7 AI score, 0.00051 EPSS
Exploits: 0, Affected Software: 1
Vulnrichment
added 2025/09/22 6:23 p.m., 1 views

CVE-2025-58258 WordPress Lazy Blocks Plugin <= 4.1.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in nK Lazy Blocks lazy-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Lazy Blocks: from n/a through <= 4.1.0...

4.3 CVSS, 5.9 AI score, 0.00051 EPSS
Exploits: 0, References: 1
CVE
added 2025/09/22 6:23 p.m., 9 views

CVE-2025-58258

CVE-2025-58258 is a Missing Authorization issue in the WordPress plugin Lazy Blocks (Custom Block Builder). Affected: Lazy Blocks versions 4.1.0 and earlier. Root cause per the document is improper access control that allows unauthorized actions due to configured security levels. The CVE is docum...

4.3 CVSS, 5.9 AI score, 0.00051 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/09/22 6:23 p.m., 8 views

CVE-2025-58258 WordPress Lazy Blocks Plugin <= 4.1.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in nK Lazy Blocks lazy-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Lazy Blocks: from n/a through <= 4.1.0...

4.3 CVSS, 0.00051 EPSS
Exploits: 0, References: 1