CVE-2024-5439

🗓️ 05 Jun 2024 08:10:15Reported by [email protected]Type

The Blocksy theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the custom_url parameter in all versions up to, and including, 2.0.50 due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts

Reporter	Title	Published	Views	Family All 6
Vulnrichment	CVE-2024-5439 Blocksy <= 2.0.50 - Authenticated (Contributor+) Stored Cross-Site Scripting	5 Jun 202407:34	–	vulnrichment
WPVulnDB	Blocksy < 2.0.51 - Authenticated (Contributor+) Stored Cross-Site Scripting	11 Jun 202400:00	–	wpvulndb
Cvelist	CVE-2024-5439 Blocksy <= 2.0.50 - Authenticated (Contributor+) Stored Cross-Site Scripting	5 Jun 202407:34	–	cvelist
Patchstack	WordPress Blocksy Theme <= 2.0.50 is vulnerable to Cross Site Scripting (XSS)	5 Jun 202400:00	–	patchstack
CVE	CVE-2024-5439	5 Jun 202408:15	–	cve
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024)	13 Jun 202415:35	–	wordfence

Nvd

Node

creativethemes blocksyRange<2.0.51wordpress

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/c05687f4-5ea2-4226-982f-c3499f204685
themes	www.themes.trac.wordpress.org/changeset

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

05 Jun 2024 08:15Current

6.1Medium risk

Vulners AI Score6.1

CVSS35.4

EPSS0.00045

CWE-79