CVE-2026-4658 — Cross-Site Scripting (XSS)
CVE-2026-4658 — The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the className, classHook, and blockId attributes in the Add to Cart block (essential-blocks/add-to-cart) in all versions up to, and includi
What This Means For You
- If your environment is affected by CWE-79, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2026-4658 updates and patches.
Related ATT&CK Techniques
🛡️ Detection Rules
3 rules · 6 SIEM formats3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
WordPress Essential Blocks Stored XSS via className Attribute - CVE-2026-4658
title: WordPress Essential Blocks Stored XSS via className Attribute - CVE-2026-4658
id: scw-2026-05-02-ai-1
status: experimental
level: medium
description: |
Detects attempts to exploit CVE-2026-4658 in the Essential Blocks plugin for WordPress. This rule specifically looks for requests targeting the plugin's directory and containing suspicious parameters (className, classHook, blockId) along with common XSS payloads like '<script>' or 'alert('. This indicates a potential Stored XSS attack where an attacker injects malicious scripts into the className, classHook, or blockId attributes of the Add to Cart block.
author: SCW Feed Engine (AI-generated)
date: 2026-05-02
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-4658/
tags:
- attack.execution
- attack.t1059.001
logsource:
category: webserver
detection:
selection:
cs-uri|contains:
- '/wp-content/plugins/essential-blocks/'
cs-uri-query|contains:
- 'className='
- 'classHook='
- 'blockId='
cs-uri-query|contains:
- '<script>'
- 'alert('
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-4658 | vulnerability | CVE-2026-4658 |
| CWE-79 | weakness | CWE-79 |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 02, 2026 at 08:16 UTC |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.
Related coverage
WordPress Profile Builder Pro: Unauthenticated PHP Object Injection Risks Site Takeover
CVE-2026-7647 — The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3.14.5. This is...
PixelYourSite Pro Plugin SSRF Vulnerability (CVE-2026-7049)
CVE-2026-7049 — The PixelYourSite Pro – Your smart PIXEL (TAG) Manager plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to,...
CVE-2026-6916 — Cross-Site Scripting (XSS)
CVE-2026-6916 — The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin for WordPress is vulnerable to Stored Cross-Site...