CVE-2026-32359 in Icon List Block Plugin

Summary

by MITRE • 03/13/2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Icon List Block (icon-list-block) allows Stored XSS. This issue affects Icon List Block: from n/a through <= 1.2.3.


Analysis

by VulDB Data Team • 03/20/2026

This stored cross-site scripting vulnerability affects the bPlugins Icon List Block WordPress plugin (icon-list-block) in versions up to and including 1.2.3. The plugin writes user-supplied data into generated page markup without adequate sanitization on input or escaping on output, so an attacker who can save content through the plugin can inject script that is stored and later returned to every visitor of the affected page. The advisory does not state which field of the block is affected or what privilege level is needed to store the payload; in block plugins generally this class of bug comes from block attributes rendered unescaped, but that detail should be confirmed against the vendor fix rather than assumed. The injected JavaScript runs in the victim's browser within the site's origin, which is what makes session hijacking, credential theft, and actions performed as the victim possible.

Technically, the payload is persisted with the icon list content when the block is saved, and it is emitted verbatim each time the plugin renders that content, so every subsequent page view executes it without any further action by the attacker. The weakness is CWE-79, Improper Neutralization of Input During Web Page Generation: user-controllable data is incorporated into dynamically generated HTML without being escaped for the context it lands in (element text, attribute value, or URL), which gives the attacker direct control over the page's behavior in the user's browser.

The operational impact is that of any stored XSS on a content site: users who merely view the affected page are attacked, with no interaction beyond normal browsing. The script can read or replay the victim's session, modify data, redirect the user to an attacker-controlled site, or issue authenticated requests on the victim's behalf. The privilege-escalation angle is the usual one for WordPress: if an administrator views the page, the script runs with the administrator's cookies and nonces and can perform administrative actions such as creating users. Because the payload is stored, the attack stays live until the malicious content is removed, which makes high-traffic sites especially exposed.

Mitigation should be layered. The primary fix is to update icon-list-block beyond 1.2.3; the VulDB analysis identifies 1.2.4 as the patched release, which should be confirmed against the plugin's changelog. A Content Security Policy can limit what an injected script can do, with the caveat that WordPress core and many plugins depend on inline scripts, so a nonce- or hash-based policy takes real work to deploy and does not remove the stored HTML injection itself. The durable fix on the code side is context-appropriate output escaping of every block attribute at render time, backed by input validation where a field has a known shape such as a URL. Security reviews of plugin code should check that rendered attributes pass through the appropriate escaping function for their context. VulDB maps this entry to ATT&CK T1566 (Phishing), reflecting that a payload hosted on a legitimate page can be used to lure users; treat this as a loose mapping rather than a classification of the vulnerability by ATT&CK itself, and pair user awareness with the technical controls above rather than relying on it.
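The render-time escaping described in the analysis and in the mitigation paragraph, as an added example that is not the Icon List Block plugin's own code. It models a block render function that turns stored icon list items into HTML, first without escaping (the CWE-79 pattern) and then with context-specific escaping equivalent in intent to WordPress's esc_html, esc_attr and esc_url. The attribute names (label, iconUrl, href), the sample items and the payloads are all constructed for this example; the real plugin's field names are not stated in the advisory.

```javascript
// Added example, not code from the Icon List Block plugin. Models a block
// render path: stored block attributes in, HTML out. Field names are assumed.

// Constructed sample of stored items, including attacker-controlled values in
// each of the three output contexts (element text, attribute, URL).
const storedItems = [
  { label: "Fast setup",
    iconUrl: "https://example.com/icons/bolt.svg",
    href: "https://example.com/setup" },
  { label: "<img src=x onerror=alert(document.cookie)>",   // text context
    iconUrl: "javascript:alert(1)",                        // URL context
    href: "\" autofocus onfocus=\"alert(2)" },             // attribute context
];

// Vulnerable render: stored values are interpolated into markup as-is.
// This is the pattern CWE-79 describes; every viewer of the page runs the payload.
function renderIconListVulnerable(items) {
  return "<ul class=\"icon-list\">" + items.map(item =>
    `<li><a href="${item.href}"><img src="${item.iconUrl}" alt="">${item.label}</a></li>`
  ).join("") + "</ul>";
}

// Escape for HTML text and double-quoted attribute values.
function escHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", "\"": "&quot;", "'": "&#039;" };
  return String(value).replace(/[&<>"']/g, c => map[c]);
}
const escAttr = escHtml;

// Escape for URL attributes: parse, allow only http(s), then attribute-escape.
// javascript:, data: and unparsable values are dropped rather than "cleaned".
// Assumes absolute URLs; relative URLs would need a base for new URL().
function escUrl(value) {
  try {
    const u = new URL(String(value));
    return (u.protocol === "https:" || u.protocol === "http:") ? escAttr(u.href) : "";
  } catch {
    return "";
  }
}

// Hardened render: each value is escaped for the context it is written into.
// Note the fix is per-context; the same escaping would be wrong inside a
// <script> or <style> block, which this renderer never emits.
function renderIconListHardened(items) {
  return "<ul class=\"icon-list\">" + items.map(item =>
    `<li><a href="${escUrl(item.href)}"><img src="${escUrl(item.iconUrl)}" alt="">${escHtml(item.label)}</a></li>`
  ).join("") + "</ul>";
}

// Crude check used to compare the two outputs: does any stored payload survive
// as live markup? (Only a demonstration aid, not a detection mechanism.)
function containsInjectedMarkup(html) {
  return html.includes("<img src=x") || html.includes("javascript:") || html.includes("onfocus=");
}

console.log(renderIconListVulnerable(storedItems));
console.log(renderIconListHardened(storedItems));
```

The hardened version drops the javascript: icon URL and the attribute-breaking href entirely instead of trying to repair them; for fields with a known shape, rejecting is safer than normalizing. Escaping at render time is the part that closes the CWE-79 gap; capability checks on who may save the block are a separate control and do not substitute for it.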

Responsible

Patchstack

Reservation

03/12/2026

Disclosure

03/13/2026

Moderation

accepted

CPE

ready

EPSS

0.00045

KEV

no

Activities

very low

Sources
