CVE-2026-8981 — The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfiltered_html capability across all paths that write to its block template code fields, allowing administrator — CVE Database · The Intelligence Room