cleantalk
Vulnerabilities and Security Researches

Custom Blocks Constructor – Lazy Blocks, CVE-2024-12878

CVE, Research URL

CVE-2024-12878

Home page URL

Security reports for Custom Blocks Constructor – Lazy Blocks

Application

Custom Blocks Constructor – Lazy Blocks

Published on
Feb 26, 2025
Research Description
The Custom Block Builder WordPress plugin before 3.8.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Affected versions
max 3.8.3.
Status
vulnerable
Previous vulnerability researches
Custom Blocks Constructor – Lazy Blocks (CVE-2026-1560) , Apr 15, 2026
Custom Blocks Constructor – Lazy Blocks (CVE-2024-12878) , Feb 15, 2025
New vulnerability
Beaver Builder – WordPress Page Builder (CVE-2026-1231) , Apr 15, 2026
CubeWP – All-in-One Dynamic Content Framework (CVE-2025-6461) , Apr 15, 2026
ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF (CVE-2026-1246) , Apr 15, 2026
NextScripts: Social Networks Auto-Poster (CVE-2026-3228) , Apr 15, 2026
Code Snippets (CVE-2026-1785) , Apr 15, 2026