A vulnerability was found in Custom Block Builder Plugin up to 4.2.x on WordPress. It has been declared as problematic . The affected element is an unknown function of the component Installation Handler . Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-8981 . The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.