CVE-2026-1646
Stored XSS in Advance Block Extend WordPress Plugin (TitleColor
Publication date: 2026-02-19
Last updated on: 2026-02-19
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| advance_block_extend | advance_block_extend | to 1.0.4 (inc) |
| advance_block_extend | plugin | to 1.0.4 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-1646 is a Stored Cross-Site Scripting (XSS) vulnerability in the Advance Block Extend plugin for WordPress, specifically in the Latest Posts Gutenberg block. The vulnerability arises from insufficient input sanitization and output escaping of the TitleColor block attribute. This allows authenticated users with Contributor-level access or higher to inject arbitrary web scripts into pages. These scripts execute whenever any user accesses the injected page, potentially compromising the site.
How can this vulnerability impact me? :
This vulnerability can allow attackers with Contributor-level access to inject malicious scripts into WordPress pages. These scripts execute in the browsers of users who visit the affected pages, potentially leading to theft of user credentials, session hijacking, defacement, or distribution of malware. Because the vulnerability is stored, the malicious code persists and affects all users who view the compromised content.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'Detection of this vulnerability involves identifying if the Advance Block Extend plugin version 1.0.4 or earlier is installed and active on your WordPress site.'}, {'type': 'paragraph', 'content': 'Since the vulnerability is a Stored Cross-Site Scripting via the TitleColor block attribute in the Latest Posts Gutenberg block, detection can include searching for suspicious or unexpected script tags or JavaScript code injected into pages that use this block.'}, {'type': 'paragraph', 'content': 'You can check the plugin version using WP-CLI with the following command:'}, {'type': 'list_item', 'content': 'wp plugin list --status=active | grep advance-block-extend'}, {'type': 'paragraph', 'content': 'To detect injected scripts in the content, you might search the WordPress database for suspicious script tags in posts or pages using SQL commands like:'}, {'type': 'list_item', 'content': "SELECT ID, post_title FROM wp_posts WHERE post_content LIKE '%<script>%';"}, {'type': 'paragraph', 'content': 'Additionally, monitoring HTTP responses for unexpected script injections on pages using the Latest Posts Gutenberg block can help detect exploitation attempts.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Advance Block Extend plugin to a version later than 1.0.4 where the vulnerability is fixed.
If an update is not yet available, consider disabling or deactivating the plugin to prevent exploitation.
Restrict Contributor-level and higher user permissions to trusted users only, as the vulnerability requires authenticated users with at least Contributor access.
Review and sanitize any content created with the Latest Posts Gutenberg block to remove potentially malicious scripts.
Implement Web Application Firewall (WAF) rules to block suspicious script injections targeting this plugin.