CVE-2026-2028 | ckp267 MaxiBlocks Builder Plugin up to 2.1.8 on WordPress /wp-content/uploads maxi_remove_custom_image_size authorization

A vulnerability has been found in ckp267 MaxiBlocks Builder Plugin up to 2.1.8 on WordPress and classified as critical. This affects the function maxi_remove_custom_image_size of the file /wp-content/uploads. This manipulation causes authorization bypass.

This vulnerability is tracked as CVE-2026-2028. The attack is possible to be carried out remotely. No exploit exists.

The affected component should be upgraded.VulDB Recent EntriesRead More