Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bricksable for Bricks Builder allows Stored XSS.

This issue affects Bricksable for Bricks Builder: from n/a through 1.6.83.
Published: 2026-06-18
Score: 5.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Improper neutralization of input during web page generation results in a stored cross-site scripting flaw in the Bricksable for Bricks Builder plugin. The weakness originates from unsanitized user-supplied data stored in plugin settings, which enables execution of arbitrary JavaScript in the context of a site visitor's browser. When a malicious script runs, this can lead to cookie theft, session hijacking, or defacement.

Affected Systems

The vulnerability affects the Bricksable for Bricks Builder WordPress plugin up to and including version 1.6.83. Any WordPress installation that uses this plugin in those versions is potentially vulnerable.

Risk and Exploitability

The CVSS base score of 5.9 indicates medium severity. No EPSS data is available and the issue is not listed in KEV, so exploitation is considered unlikely. Because the XSS is stored, however, any attacker who can inject content, for example through a compromised user account or abuse of administrative access, could deliver scripts to all site visitors. The likely attack vector is an attacker inserting malicious payloads into plugin data that is later rendered without proper escaping.

Generated by OpenCVE AI on June 18, 2026 at 19:46 UTC.

Remediation

Vendor Solution

Update the WordPress Bricksable for Bricks Builder Plugin to the latest available version (at least 1.6.84).


OpenCVE Recommended Actions

  • Upgrade Bricksable for Bricks Builder to version 1.6.84 or later.
  • After updating, purge cached or stored content and delete any remnants of malicious scripts that may have been planted in the plugin configuration.
  • Perform a security scan of the site to confirm that the XSS vector has been closed and to identify any other plugins that might have similar input‑validation weaknesses.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 21:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Bricksable; Bricksable bricksable For Bricks Builder; Wordpress; Wordpress wordpress
Vendors & Products | | Bricksable; Bricksable bricksable For Bricks Builder; Wordpress; Wordpress wordpress

Thu, 18 Jun 2026 16:45:00 +0000

Type | Values Removed | Values Added
Description | | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bricksable for Bricks Builder allows Stored XSS. This issue affects Bricksable for Bricks Builder: from n/a through 1.6.83.
Title | | WordPress Bricksable for Bricks Builder plugin <= 1.6.83 - Cross Site Scripting (XSS) vulnerability
Weaknesses | | CWE-79
References | |
Metrics | | cvssV3_1: {'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Subscriptions

Bricksable Bricksable For Bricks Builder
Wordpress Wordpress
MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-18T12:57:19.745Z

Reserved: 2026-06-18T09:31:56.470Z

Link: CVE-2026-56009

Vulnrichment

Updated: 2026-06-18T12:57:15.339Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T21:00:13Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')