CVE-2026-32431
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra Bulk Edit astra-bulk-edit allows DOM-Based XSS. This issue affects Astra Bulk Edit: from n/a through <= 1.2.10.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A DOM-Based XSS vulnerability in Astra Bulk Edit plugin (≤1.2.10) allows attackers to inject malicious scripts via crafted input.
Vulnerability Overview
The Astra Bulk Edit plugin for WordPress, versions 1.2.10 and prior, contains a DOM-Based Cross-Site Scripting (XSS) vulnerability due to improper neutralization of user input during web page generation [1]. This flaw allows an attacker to inject arbitrary JavaScript code that executes in the context of the victim's browser session.
Exploitation Requirements
Exploitation requires a privileged user (e.g., administrator) to perform an action such as clicking a malicious link or visiting a crafted page [1]. The attack is DOM-based, meaning the payload is processed client-side without being sent to the server, which can bypass some server-side filters.
Impact
Successful exploitation could allow an attacker to inject malicious scripts, including redirects, advertisements, or other HTML payloads, which execute when other users visit the affected site [1]. This can lead to session hijacking, defacement, or phishing attacks.
Mitigation
The vulnerability has been addressed in version 1.2.11 of the plugin [1]. Users are strongly advised to update immediately. For Patchstack users, auto-updates can be enabled for vulnerable plugins [1].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=1.2.10
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.