Lucene search
K

287 matches found

Cvelist
Cvelist
added 2026/06/17 9:51 a.m.30 views

CVE-2026-40783 WordPress Blocksy Companion Pro plugin <= 2.1.37 - Remote Code Execution (RCE) vulnerability

Contributor Remote Code Execution RCE in Blocksy Companion Pro = 2.1.37 versions...

9.9CVSS0.00541EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:50 a.m.9 views

CVE-2026-39596

The CVE covers WordPress Blocksy Companion Pro plugin, vulnerable in versions

9.3CVSS5.7AI score0.00372EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:50 a.m.31 views

CVE-2026-39596 WordPress Blocksy Companion Pro plugin < 2.1.29 - SQL Injection vulnerability

Unauthenticated SQL Injection in Blocksy Companion Pro 2.1.29 versions...

9.3CVSS0.00372EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.12 views

CVE-2026-8365

The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution via the 'blocksymeta' REST API field and the V200 database migration in versions up to and including 2.1.35. This is due to insufficient input sanitization in the blocksysanitizepostmetaoptions...

8.8CVSS5.8AI score0.00849EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 9:16 a.m.17 views

CVE-2026-8365

The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution via the 'blocksymeta' REST API field and the V200 database migration in versions up to and including 2.1.35. This is due to insufficient input sanitization in the blocksysanitizepostmetaoptions...

8.8CVSS0.00849EPSS
Exploits0References13
Vulnrichment
Vulnrichment
added 2026/06/09 8:29 a.m.13 views

CVE-2026-8365 Blocksy <= 2.1.41 - Authenticated (Contributor+) PHP Object Injection via Deserialization of Untrusted Data via 'blocksy_meta' REST API Field

The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution via the 'blocksymeta' REST API field and the V200 database migration in versions up to and including 2.1.35. This is due to insufficient input sanitization in the blocksysanitizepostmetaoptions...

8.8CVSS5.8AI score0.00849EPSS
Exploits0References13
EUVD
EUVD
added 2026/06/09 8:29 a.m.10 views

EUVD-2026-35379

The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution via the 'blocksymeta' REST API field and the V200 database migration in versions up to and including 2.1.35. This is due to insufficient input sanitization in the blocksysanitizepostmetaoptions...

8.8CVSS5.8AI score0.00849EPSS
Exploits0References13
Cvelist
Cvelist
added 2026/06/09 8:29 a.m.42 views

CVE-2026-8365 Blocksy <= 2.1.41 - Authenticated (Contributor+) PHP Object Injection via Deserialization of Untrusted Data via 'blocksy_meta' REST API Field

The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution via the 'blocksymeta' REST API field and the V200 database migration in versions up to and including 2.1.35. This is due to insufficient input sanitization in the blocksysanitizepostmetaoptions...

8.8CVSS0.00849EPSS
Exploits0References13
CVE
CVE
added 2026/06/09 8:29 a.m.36 views

CVE-2026-8365

The Blocksy WordPress theme (up to at least 2.1.41) is vulnerable to PHP Object Injection via the blocksy_meta REST API field and the V200 migration. Root cause: blocksy_sanitize_post_meta_options() only blocks '' and does not prevent serialized PHP objects, combined with SearchReplacer::run_recu...

8.8CVSS5.8AI score0.00849EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.21 views

PT-2026-47723

Name of the Vulnerable Software and Affected Versions Blocksy versions prior to 2.1.36 Description Insufficient input sanitization in the blocksy sanitize post meta options function allows authenticated attackers with contributor-level access or higher to store serialized PHP object strings in po...

8.8CVSS6.4AI score0.00849EPSS
Exploits0References18
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

WordPress plugin Blocksy 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.8CVSS6.2AI score0.00849EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/08 8:11 p.m.12 views

WordPress Blocksy theme <= 2.1.41 - Authenticated (Contributor+) PHP Object Injection vulnerability

Authenticated Contributor+ PHP Object Injection vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Theme Blocksy versions = 2.1.41...

8.8CVSS5.5AI score0.00849EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/22 2:40 p.m.17 views

WordPress Blocksy Companion Pro plugin <= 2.1.37 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Blocksy Companion Pro versions = 2.1.37...

5.5AI score0.00541EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/08 12:7 p.m.5 views

WordPress Blocksy Companion Pro plugin < 2.1.29 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Blocksy Companion Pro versions 2.1.29...

6AI score0.00372EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/04 1:56 a.m.8 views

CVE-2026-2583

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the blocksymeta metadata fields in all versions up to, and including, 2.1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...

6.4CVSS6AI score0.00194EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/02 11:24 p.m.9 views

WordPress Blocksy plugin <= 2.1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via `blocksy_meta` Fields vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via blocksymeta Fields vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Theme Blocksy versions = 2.1.30...

6.4CVSS5.9AI score0.00194EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/03/02 11:16 p.m.10 views

CVE-2026-2583

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the blocksymeta metadata fields in all versions up to, and including, 2.1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...

6.4CVSS0.00194EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/02 10:23 p.m.5 views

CVE-2026-2583

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the blocksymeta metadata fields in all versions up to, and including, 2.1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...

6.4CVSS6AI score0.00194EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/02 10:23 p.m.28 views

CVE-2026-2583 Blocksy <= 2.1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via `blocksy_meta` Fields

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the blocksymeta metadata fields in all versions up to, and including, 2.1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...

6.4CVSS0.00194EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/02 10:23 p.m.5 views

CVE-2026-2583 Blocksy <= 2.1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via `blocksy_meta` Fields

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the blocksymeta metadata fields in all versions up to, and including, 2.1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...

6.4CVSS6AI score0.00194EPSS
Exploits0References2
Rows per page
Query Builder