Filtered by vendor Custom Block Builder
Subscriptions
Filtered by product Custom Block Builder
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-8981 | 2 Custom Block Builder, Wordpress | 2 Custom Block Builder, Wordpress | 2026-06-09 | 3.5 Low |
| The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfiltered_html capability across all paths that write to its block template code fields, allowing administrators on multisite installations (or single-site installs with DISALLOW_UNFILTERED_HTML defined) to inject arbitrary JavaScript that executes for any visitor of pages embedding the affected block. | ||||
Page 1 of 1.