CVE-2026-2028

Name of the Vulnerable Software and Affected Versions MaxiBlocks Builder versions prior to 2.1.9

Description Insufficient file ownership validation in the 'maxi remove custom image size' AJAX action allows authenticated attackers with Author-level access or higher to delete arbitrary media files within the wp-content/uploads directory. This includes files uploaded by other users and administrators.

Recommendations Update to a version newer than 2.1.8.