CVE-2026-8365

The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution via the 'blocksymeta' REST API field and the V200 database migration in versions up to and including 2.1.35. This is due to insufficient input sanitization in the blocksysanitizepostmetaoptions...

CVE-2026-8365

The Blocksy WordPress theme (up to at least 2.1.41) is vulnerable to PHP Object Injection via the blocksy_meta REST API field and the V200 migration. Root cause: blocksy_sanitize_post_meta_options() only blocks '' and does not prevent serialized PHP objects, combined with SearchReplacer::run_recu...

PT-2026-47723

The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution via the 'blocksy meta' REST API field and the V200 database migration in versions up to and including 2.1.35. This is due to insufficient input sanitization in the blocksy sanitize post meta...

CVE-2026-2583 Blocksy <= 2.1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via `blocksy_meta` Fields

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the blocksymeta metadata fields in all versions up to, and including, 2.1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...

CVE-2026-2583 Blocksy <= 2.1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via `blocksy_meta` Fields

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the blocksymeta metadata fields in all versions up to, and including, 2.1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...

CVE-2026-2583

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the blocksymeta metadata fields in all versions up to, and including, 2.1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...

PT-2026-22705

Name of the Vulnerable Software and Affected Versions Blocksy theme for WordPress versions up to and including 2.1.30 Description The Blocksy theme for WordPress is susceptible to Stored Cross-Site Scripting through the blocksy meta metadata fields. Insufficient input sanitization and output...

WordPress plugin Blocksy 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...