Skip to main content

Bricksable For Bricks Builder

1 CVEs product

Monthly

CVE-2026-56009 MEDIUM This Month

Stored Cross-Site Scripting in the Bricksable for Bricks Builder WordPress plugin (versions through 1.6.83) allows a high-privileged attacker to inject persistent malicious scripts into page builder elements, which then execute in victims' browsers when affected pages are loaded. The CVSS scope change (S:C) confirms the injected payload crosses into the victim's browser security context, enabling session hijacking, credential theft, or unauthorized actions on behalf of the viewing user. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, but the stored nature of this XSS increases persistence risk relative to reflected variants.

XSS Bricksable For Bricks Builder
NVD VulDB
CVSS 3.1
5.9
EPSS
0.1%
EPSS 0% CVSS 5.9
MEDIUM This Month

Stored Cross-Site Scripting in the Bricksable for Bricks Builder WordPress plugin (versions through 1.6.83) allows a high-privileged attacker to inject persistent malicious scripts into page builder elements, which then execute in victims' browsers when affected pages are loaded. The CVSS scope change (S:C) confirms the injected payload crosses into the victim's browser security context, enabling session hijacking, credential theft, or unauthorized actions on behalf of the viewing user. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, but the stored nature of this XSS increases persistence risk relative to reflected variants.

XSS Bricksable For Bricks Builder
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy