CVE-2026-57650
MediumCVSS 6.5Summary
Cross Site Scripting (XSS) vulnerability in Magazine Blocks plugin versions up to 1.8.3 allows an attacker to inject malicious JavaScript code. The flaw exists in the contributor context, meaning it can be exploited by users with low privileges.
Risk Assessment
The risk involves the execution of arbitrary scripts in the victim's browser, potentially leading to session theft, account takeover, or website defacement. The attack requires user interaction but can be carried out by an authenticated user with contributor role.
Recommendation
It is recommended to immediately update the Magazine Blocks plugin to version 1.8.4 or later. Also, restrict user privileges and apply the principle of least privilege.
Original NVD description (English source)
Contributor Cross Site Scripting (XSS) in Magazine Blocks <= 1.8.3 versions.

