Bricksable For Bricks Builder
Monthly
Stored Cross-Site Scripting in the Bricksable for Bricks Builder WordPress plugin (versions through 1.6.83) allows a high-privileged attacker to inject persistent malicious scripts into page builder elements, which then execute in victims' browsers when affected pages are loaded. The CVSS scope change (S:C) confirms the injected payload crosses into the victim's browser security context, enabling session hijacking, credential theft, or unauthorized actions on behalf of the viewing user. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, but the stored nature of this XSS increases persistence risk relative to reflected variants.
Stored Cross-Site Scripting in the Bricksable for Bricks Builder WordPress plugin (versions through 1.6.83) allows a high-privileged attacker to inject persistent malicious scripts into page builder elements, which then execute in victims' browsers when affected pages are loaded. The CVSS scope change (S:C) confirms the injected payload crosses into the victim's browser security context, enabling session hijacking, credential theft, or unauthorized actions on behalf of the viewing user. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, but the stored nature of this XSS increases persistence risk relative to reflected variants.