Post Blocks Tools

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-5711 MEDIUM This Month

Stored Cross-Site Scripting in Post Blocks & Tools WordPress plugin versions up to 1.3.0 allows authenticated attackers with author-level access to inject arbitrary JavaScript through the 'sliderStyle' block attribute in the Posts Slider block, which executes in the browsers of all users viewing affected pages. The vulnerability stems from insufficient input sanitization and output escaping, enabling persistent payload injection that affects any site administrator or editor visiting a compromised post.

WordPress XSS Post Blocks Tools

NVD

CVSS 3.1

6.4

EPSS

0.0%

CVE-2026-5711

EPSS 0% CVSS 6.4

MEDIUM This Month

Stored Cross-Site Scripting in Post Blocks & Tools WordPress plugin versions up to 1.3.0 allows authenticated attackers with author-level access to inject arbitrary JavaScript through the 'sliderStyle' block attribute in the Posts Slider block, which executes in the browsers of all users viewing affected pages. The vulnerability stems from insufficient input sanitization and output escaping, enabling persistent payload injection that affects any site administrator or editor visiting a compromised post.

WordPress XSS Post Blocks Tools

NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy