PT-2026-20638 · WordPress · Advance Block Extend

Athiwat Tiprasaharn

Publicado

2026-02-19

Atualizado

2026-02-23

CVE-2026-1646

CVSS v3.1

6.4

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Advance Block Extend plugin for WordPress versions through 1.0.4

Description The Advance Block Extend plugin for WordPress has a Stored Cross-Site Scripting issue. This is due to insufficient input sanitization and output escaping in the TitleColor block attribute within the Latest Posts Gutenberg block. Authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts into pages. These scripts will execute when a user accesses the affected page.

Recommendations Update the Advance Block Extend plugin to a version later than 1.0.4.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2026-1646

Produtos afetados

Advance Block Extend

PT-2026-20638 · WordPress · Advance Block Extend

CVE-2026-1646

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5