Skip to main content

Nexter Blocks Gutenberg Blocks Page Builder Ai Website Builder

1 CVEs product

Monthly

CVE-2026-6740 MEDIUM This Month

Stored cross-site scripting in the Nexter Blocks - Gutenberg Blocks, Page Builder & AI Website Builder WordPress plugin (versions through 4.7.4) enables authenticated contributors to persistently inject malicious JavaScript via the unsanitized 'commentIcon' parameter, executing in any visitor's browser on affected pages. The CVSS Scope:Changed metric reflects that attacker-controlled code crosses trust boundaries into the victim's browser session, enabling session hijacking, credential theft, or unauthorized actions on behalf of privileged users such as site administrators. No public exploit code or CISA KEV listing was identified at time of analysis.

WordPress XSS Nexter Blocks Gutenberg Blocks Page Builder Ai Website Builder
NVD
CVSS 3.1
6.4
EPSS
0.2%
EPSS 0% CVSS 6.4
MEDIUM This Month

Stored cross-site scripting in the Nexter Blocks - Gutenberg Blocks, Page Builder & AI Website Builder WordPress plugin (versions through 4.7.4) enables authenticated contributors to persistently inject malicious JavaScript via the unsanitized 'commentIcon' parameter, executing in any visitor's browser on affected pages. The CVSS Scope:Changed metric reflects that attacker-controlled code crosses trust boundaries into the victim's browser session, enabling session hijacking, credential theft, or unauthorized actions on behalf of privileged users such as site administrators. No public exploit code or CISA KEV listing was identified at time of analysis.

WordPress XSS Nexter Blocks Gutenberg Blocks Page Builder Ai Website Builder
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy