LOW
Custom Block Builder
CVE published 2026-06-09
CVE-2026-8981
CVE-2026-8981 is a vulnerability in the Custom Block Builder WordPress plugin before version 4.3.0. The plugin does not consistently check the unfiltered_html capability across all paths that write to its block template code fields. This allows administrators on multisite installations (or single-site installs with DISALLOW_UNFILTERED_HTML defined) to inject arbitrary JavaScript that executes for any visi [truncated]