8 matches found
CVE-2026-6378
The Maxi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the /wp-json/maxi-blocks/v1.0/style-card REST API endpoint in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping of the scstyles parameter. This makes it possible...
CVE-2026-6378
The Maxi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the /wp-json/maxi-blocks/v1.0/style-card REST API endpoint in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping of the scstyles parameter. This makes it possible...
EUVD-2026-26728
The Maxi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the /wp-json/maxi-blocks/v1.0/style-card REST API endpoint in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping of the scstyles parameter. This makes it possible...
CVE-2026-6378 Maxi Blocks <= 2.1.9 - Authenticated (Author+) Stored Cross-Site Scripting via Style Card REST API
The Maxi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the /wp-json/maxi-blocks/v1.0/style-card REST API endpoint in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping of the scstyles parameter. This makes it possible...
CVE-2026-6378
The Maxi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the /wp-json/maxi-blocks/v1.0/style-card REST API endpoint in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping of the scstyles parameter. This makes it possible...
CVE-2026-6378 Maxi Blocks <= 2.1.9 - Authenticated (Author+) Stored Cross-Site Scripting via Style Card REST API
The Maxi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the /wp-json/maxi-blocks/v1.0/style-card REST API endpoint in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping of the scstyles parameter. This makes it possible...
CVE-2026-6378
CVE-2026-6378 concerns the Maxi Blocks WordPress plugin. It describes a Stored Cross-Site Scripting (XSS) vulnerability via the REST API endpoint /wp-json/maxi-blocks/v1.0/style-card, affecting all versions up to and including 2.1.9. The root cause is insufficient input sanitization and output es...
PT-2026-36560
Name of the Vulnerable Software and Affected Versions Maxi Blocks versions prior to 2.2.0 Description The Maxi Blocks plugin for WordPress contains a stored cross-site scripting issue. This occurs due to insufficient input sanitization and output escaping of the sc styles parameter within the...