CVE-2026-39575

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affects Custom Query Blocks: from n/a through <= 5.5.0.

References

• https://patchstack.com/database/Wordpress/Plugin/post-type-archive-mapping/vulnerability/wordpress-custom-query-blocks-plugin-5-5-0-cross-site-scripting-xss-vulnerability?_s_id=cve