CVE-2026-56009 PUBLISHED

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bricksable for Bricks Builder allows Stored XSS.

This issue affects Bricksable for Bricks Builder: from n/a through 1.6.83.

Update the WordPress Bricksable for Bricks Builder Plugin to the latest available version (at least 1.6.84).

• Ananda Dhakal | Patchstack finder

• https://patchstack.com/database/wordpress/plugin/bricksable/vulnerability/wordpress-bricksable-for-bricks-builder-plugin-1-6-83-cross-site-scripting-xss-vulnerability?_s_id=cve

• CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE

• CAPEC-592 Stored XSS