CVE-2026-32431
Received Received - Intake
DOM-Based XSS in Astra Bulk Edit Plugin Allows Code Injection

Publication date: 2026-03-13

Last updated on: 2026-03-13

Assigner: Patchstack

Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra Bulk Edit astra-bulk-edit allows DOM-Based XSS.This issue affects Astra Bulk Edit: from n/a through <= 1.2.10.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-13
Last Modified
2026-03-13
Generated
2026-06-16
AI Q&A
2026-03-13
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32431
EUVD
EUVD-2026-11965
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
brainstorm_force astra_bulk_edit to 1.2.10 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-32431 is a Cross Site Scripting (XSS) vulnerability affecting the WordPress Astra Bulk Edit Plugin versions up to and including 1.2.10.

This vulnerability allows a malicious actor to inject and execute malicious scriptsβ€”such as redirects, advertisements, or other HTML payloadsβ€”on websites using the affected plugin.

Exploitation requires user interaction by a privileged user (Contributor or Developer role), who must perform an action like clicking a malicious link, visiting a crafted page, or submitting a form.

Impact Analysis

This vulnerability can lead to the execution of malicious scripts on your website, which may result in unauthorized redirects, display of unwanted advertisements, or other harmful HTML payloads.

Because exploitation requires interaction by a privileged user, the risk is somewhat limited but still significant as it can compromise the integrity and security of your website.

The vulnerability has a moderate severity with a CVSS score of 6.5, indicating potential impacts on confidentiality, integrity, and availability.

Compliance Impact

I don't know

Detection Guidance

This vulnerability is a DOM-Based Cross Site Scripting (XSS) affecting the Astra Bulk Edit WordPress plugin up to version 1.2.10. Detection involves identifying if the vulnerable plugin version is installed and if privileged users (Contributor or Developer roles) have interacted with potentially malicious inputs.

There are no specific commands provided in the resources to detect exploitation on your network or system. However, general detection methods include:

  • Checking the installed version of the Astra Bulk Edit plugin to see if it is version 1.2.10 or earlier.
  • Monitoring web server logs for suspicious requests or unusual input patterns that could indicate attempted script injection.
  • Using web application security scanners that can detect XSS vulnerabilities in web applications.
  • Reviewing user activity logs for privileged users interacting with suspicious links or forms.
Mitigation Strategies

The primary immediate mitigation step is to update the Astra Bulk Edit plugin to version 1.2.11 or later, where this vulnerability has been patched.

Additional mitigation options include enabling auto-updates for the plugin to ensure timely application of security patches.

Limiting privileged user interactions with untrusted links or forms can reduce the risk of exploitation, as exploitation requires user interaction by privileged roles.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32431. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart