CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5 matches found

EUVD•added 2026/06/09 8:29 a.m.•8 views

EUVD-2026-35379

The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution via the 'blocksymeta' REST API field and the V200 database migration in versions up to and including 2.1.35. This is due to insufficient input sanitization in the blocksysanitizepostmetaoptions...

8.8CVSS5.8AI score0.00919EPSS

Exploits0References13

Cvelist•added 2026/06/09 8:29 a.m.•36 views

CVE-2026-8365 Blocksy <= 2.1.41 - Authenticated (Contributor+) PHP Object Injection via Deserialization of Untrusted Data via 'blocksy_meta' REST API Field

8.8CVSS0.00919EPSS

Exploits0References13

RedhatCVE•added 2026/03/04 1:56 a.m.•5 views

CVE-2026-2583

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the blocksymeta metadata fields in all versions up to, and including, 2.1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...

6.4CVSS6AI score0.00194EPSS

Exploits0References1

Patchstack•added 2026/03/02 11:24 p.m.•6 views

WordPress Blocksy plugin <= 2.1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via `blocksy_meta` Fields vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via blocksymeta Fields vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Theme Blocksy versions = 2.1.30...

6.4CVSS5.9AI score0.00194EPSS

Exploits0References1Affected Software1