{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-39516", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-04-07T10:48:03.414Z", "datePublished": "2026-04-08T08:30:14.904Z", "dateUpdated": "2026-04-08T08:30:14.904Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "the-plus-addons-for-block-editor", "product": "Nexter Blocks", "vendor": "POSIMYTH", "versions": [{"changes": [{"at": "4.7.1", "status": "unaffected"}], "lessThanOrEqual": "4.7.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Bao - BlueRock | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-08T10:29:01.852Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.<p>This issue affects Nexter Blocks: from n/a through <= 4.7.0.</p>"}], "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through <= 4.7.0."}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "Retrieve Embedded Sensitive Data"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-497", "description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-08T08:30:14.904Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/the-plus-addons-for-block-editor/vulnerability/wordpress-nexter-blocks-plugin-4-7-0-sensitive-data-exposure-vulnerability?_s_id=cve"}], "title": "WordPress Nexter Blocks plugin <= 4.7.0 - Sensitive Data Exposure vulnerability"}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through <= 4.7.0."}], "id": "CVE-2026-39516", "lastModified": "2026-04-08T21:26:35.910", "metrics": {}, "published": "2026-04-08T09:16:25.353", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/the-plus-addons-for-block-editor/vulnerability/wordpress-nexter-blocks-plugin-4-7-0-sensitive-data-exposure-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-497"}], "source": "audit@patchstack.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,4.7.0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Nexter Blocks", "source": "cna", "vendor": "POSIMYTH"}, "product": "nexter_blocks", "vendor": "posimyth"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-08T10:15:57.977468+00:00", "value": {"mitigation_remediation": ["Upgrade Nexter Blocks to a version newer than 4.7.0 as soon as it becomes available", "If upgrading is not possible, deactivate or uninstall the plugin from the WordPress installation", "Restrict access to the WordPress administrative interface to reduce the likelihood of a legitimate user triggering the exposure", "Regularly monitor for plugin updates or security advisories"], "summary": {"action": "Apply Patch", "impact": "Sensitive Data Exposure"}, "threat_synthesis": {"affected_systems": "The issue affects all releases of POSIMYTH Nexter Blocks from the earliest available version through version 4.7.0. Any WordPress installation that has this plugin installed at a vulnerable version may be exposed.", "description_and_impact": "The Nexter Blocks plugin, also known as the-plus-addons-for-block-editor, contains a flaw that allows embedded sensitive system data to be retrieved by an unauthorized entity. This weakness, classified as CWE\u2011497, results in sensitive data exposure and could compromise the confidentiality of a WordPress site.", "risk_and_exploitability": "The CVE description does not specify the exact attack vector or prerequisites; it only states that the plugin permits retrieval of sensitive data. Based on the description, it is inferred that an attacker might access the exposed data by visiting plugin\u2011related endpoints or through the WordPress administration interface. Because no CVSS or EPSS score is provided and the vulnerability is not listed in CISA's KEV catalog, the exact severity and likelihood of exploitation cannot be quantified. Nonetheless, if the plugin is present and accessible, the potential for confidential information leakage remains high, especially for users with sufficient privileges or for attackers who can embed the plugin in a site."}}}}, "created": "2026-04-08T19:30:31.024317+00:00", "updated": "2026-04-08T19:42:57.480801+00:00", "vendors": ["posimyth", "posimyth$PRODUCT$nexter_blocks", "wordpress", "wordpress$PRODUCT$wordpress"]}