Vulnerabilities and security researches foricon-list-block icon-list-block

Mar 31, 2026

CVE, Research URL: CVE-2026-32359
Home page URL: Security reports for Icon List Block – Use icons instead of bullets in the list.
Application: Icon List Block – Use icons instead of bullets in the list.
Date: Mar 14, 2026
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Icon List Block icon-list-block allows Stored XSS.This issue affects Icon List Block: from n/a through <= 1.2.3.
Affected versions: max 1.2.3.
Status: vulnerable

Dec 11, 2025

CVE, Research URL: CVE-2025-12376
Home page URL: Security reports for Icon List Block – Use icons instead of bullets in the list.
Application: Icon List Block – Use icons instead of bullets in the list.
Date: Nov 18, 2025
Research Description: The Icon List Block – Add Icon-Based Lists with Custom Styles plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.1 via the fs_api_request function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. Only valid JSON objects are rendered in the response.
Affected versions: max 1.2.2.
Status: vulnerable

Feb 26, 2025

CVE, Research URL: CVE-2025-26937
Home page URL: Security reports for Icon List Block – Use icons instead of bullets in the list.
Application: Icon List Block – Use icons instead of bullets in the list.
Date: Feb 25, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Icon List Block allows Stored XSS. This issue affects Icon List Block: from n/a through 1.1.3.
Affected versions: max 1.1.4.
Status: vulnerable