Skip to main content

Nexter Blocks CVE-2026-6740

| EUVDEUVD-2026-42232 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-07-08 Wordfence GHSA-7825-vqgh-fjg4
6.4
CVSS 3.1 · Vendor: Wordfence
Share

Severity by source

Vendor (Wordfence) PRIMARY
6.4 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
vuln.today AI
5.4 MEDIUM

Stored XSS impact requires a victim to navigate to the injected page (UI:R); scope change is accurate as script executes in victim browser context (S:C); contributor authentication is required (PR:L).

3.1 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (Wordfence).

CVSS VectorVendor: Wordfence

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jul 08, 2026 - 13:26 vuln.today
CVE Published
Jul 08, 2026 - 12:33 nvd
MEDIUM 6.4

DescriptionCVE.org

The Nexter Blocks - Gutenberg Blocks, Page Builder & AI Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'commentIcon' parameter in all versions up to, and including, 4.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

AnalysisAI

Stored cross-site scripting in the Nexter Blocks - Gutenberg Blocks, Page Builder & AI Website Builder WordPress plugin (versions through 4.7.4) enables authenticated contributors to persistently inject malicious JavaScript via the unsanitized 'commentIcon' parameter, executing in any visitor's browser on affected pages. The CVSS Scope:Changed metric reflects that attacker-controlled code crosses trust boundaries into the victim's browser session, enabling session hijacking, credential theft, or unauthorized actions on behalf of privileged users such as site administrators. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain or compromise contributor-level WordPress account
Delivery
Craft Nexter Blocks tp-post-meta block with malicious commentIcon payload
Exploit
Publish post, storing XSS payload in database
Execution
Privileged user (admin/editor) visits injected page
Persist
Browser executes attacker JavaScript in victim session
Impact
Exfiltrate session token or perform privileged actions on victim's behalf

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid WordPress account with at minimum contributor-level privileges, as confirmed by PR:L in the CVSS vector - anonymous or subscriber-level access is insufficient. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 score of 6.4 (Medium) reflects a network-exploitable, low-complexity flaw with a scope change, but the PR:L metric is the primary real-world limiter - an attacker must control a valid WordPress contributor account. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who holds or compromises a contributor-level WordPress account on a target site uses the Nexter Blocks tp-post-meta block to craft a post or page, embedding a malicious JavaScript payload (such as a cookie exfiltration script) into the 'commentIcon' parameter before publishing. The payload persists in the database without sanitization. …
Remediation Update the Nexter Blocks plugin to a version beyond 4.7.4 via the WordPress plugin dashboard or wp-cli. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-6740 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy