CVE-2026-6378 | ckp267 MaxiBlocks Builder Plugin up to 2.1.9 on WordPress REST API Endpoint style-card sc_styles cross site scripting (EUVD-2026-26728)

Inserito da Angelo Barbosa | Mag 2, 2026 | CVE

A vulnerability marked as problematic has been reported in ckp267 MaxiBlocks Builder Plugin up to 2.1.9 on WordPress. This affects an unknown part of the file /wp-json/maxi-blocks/v1.0/style-card of the component REST API Endpoint. The manipulation of the argument sc_styles leads to cross site scripting.

This vulnerability is documented as CVE-2026-6378. The attack can be initiated remotely. There is not any exploit available.

It is suggested to upgrade the affected component.

CVE-2026-6378 | ckp267 MaxiBlocks Builder Plugin up to 2.1.9 on WordPress REST API Endpoint style-card sc_styles cross site scripting (EUVD-2026-26728)

Post correlati

CVE-2024-32845 | Ivanti EPM 2024/up to 2022 SU5 sql injection

CVE-2023-48668 | Dell PowerProtect DD os command injection (dsa-2023-412)

CVE-2023-52601 | Linux Kernel up to 6.7.3 jfs dmt_stree array index

CVE-2024-26495 | Friendica 2023.12 BBCode Tag cross site scripting (Issue 13884)