CVE-2026-4658 | wpdevteam Gutenberg Essential Blocks Plugin up to 6.0.4 on WordPress render_callback className/classHook/blockId cross site scripting

Inserito da Angelo Barbosa | Mag 2, 2026 | CVE

A vulnerability categorized as problematic has been discovered in wpdevteam Gutenberg Essential Blocks Plugin up to 6.0.4 on WordPress. This affects the function render_callback. Executing a manipulation of the argument className/classHook/blockId can lead to cross site scripting.

This vulnerability is tracked as CVE-2026-4658. The attack can be launched remotely. No exploit exists.

It is advisable to upgrade the affected component.

CVE-2026-4658 | wpdevteam Gutenberg Essential Blocks Plugin up to 6.0.4 on WordPress render_callback className/classHook/blockId cross site scripting

Post correlati

CVE-2026-25378 | Nelio AB Testing Plugin up to 8.2.4 on WordPress sql injection

CVE-2025-24791 | snowflakedb snowflake-connector-nodejs up to 2.0.1 Cache permissions

CVE-2025-59055 | instantsoft icms2 up to 2.17.3 HTTPS Request package server-side request forgery (GHSA-79hh-mhvg-whrw)

CVE-2026-30933 | gtsteffaniak filebrowser /public/api/share/info missing authentication