Lucene search
K
CreativethemesBlocksy

10 matches found

CVE
CVE
added 2024/04/25 9:16 a.m.77 views

CVE-2024-32961

CVE-2024-32961 concerns Blocksy (Creative Themes HQ) with an authenticated Stored XSS via improper input neutralization during web page generation. Affected: Blocksy versions up to 2.0.33 (n/a). The CVE notes stored cross-site scripting vulnerability in the plugin/theme, and references indicate r...

6.5CVSS5.9AI score0.00323EPSS
CVE
CVE
added 2024/05/09 8:3 p.m.77 views

CVE-2024-4158

CVE-2024-4158: Blocksy Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the tagName parameter in Blocksy versions up to 2.0.42 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor level or higher; successful inje...

6.4CVSS5.8AI score0.0034EPSS
CVE
CVE
added 2024/03/09 7:1 a.m.70 views

CVE-2024-1767

The CVE-2024-1767 entry concerns the WordPress Blocksy theme. A stored XSS vulnerability exists in Blocksy blocks due to insufficient input sanitization and output escaping for user-supplied attributes such as className and radius, enabling authenticated attackers with contributor-level permissio...

6.4CVSS6AI score0.0032EPSS
CVE
CVE
added 2024/04/15 10:15 a.m.68 views

CVE-2024-31382

CVE-2024-31382: CSRF in Blocksy (Creative Themes HQ Blocksy) affecting Blocksy versions up to and including 2.0.22. Connected sources confirm the issue is CSRF, but no exploit details or confirmed fixed version are provided in the supplied documents. remediation/fix version is not specified in th...

8.8CVSS5.9AI score0.00228EPSS
CVE
CVE
added 2024/05/02 4:52 p.m.68 views

CVE-2024-3747

The CVE-2024-3747 issue affects Blocksy Theme for WordPress (versions up to 2.0.39). It is a Stored XSS in the About Me block via the className parameter, exploitable by authenticated users with Contributor+ privileges. The vulnerability arises from insufficient input sanitization and output esca...

6.4CVSS5.7AI score0.00423EPSS
CVE
CVE
added 2024/12/05 9:23 a.m.61 views

CVE-2024-11420

CVE-2024-11420 (Blocksy) : The WordPress Blocksy theme is vulnerable to Stored Cross-Site Scripting via the Contact Info Block's link parameter in all versions up to 2.0.77. An attacker with Contributor-level access or higher can inject scripts that execute when users view the page containing the...

6.4CVSS5.8AI score0.00249EPSS
CVE
CVE
added 2024/05/21 2:32 a.m.60 views

CVE-2024-4943

CVE-2024-4943 concerns the Blocksy WordPress theme. The vulnerability is a Stored Cross-Site Scripting flaw in the has_field_link_rel parameter present in versions up to 2.0.46, caused by insufficient input sanitization and output escaping. By exploiting this, an authenticated attacker with Contr...

6.4CVSS5.8AI score0.00263EPSS
CVE
CVE
added 2024/06/05 7:34 a.m.58 views

CVE-2024-5439

CVE-2024-5439 : Blocksy Theme for WordPress is vulnerable to Reflected XSS via the custom_url parameter in all versions up to 2.0.50. Exploitation requires a user to click a crafted link (unauthenticated). A fix is available in Blocksy 2.0.51 (per changeset showing new version). If upgrading is n...

6.4CVSS6AI score0.00288EPSS
CVE
CVE
added 2025/01/02 12:0 p.m.52 views

CVE-2024-37469

CVE-2024-37469 is a CSRF vulnerability in the WordPress Blocksy theme (vulnerable up to 2.0.22). The root cause is a CSRF oversight in Blocksy that allows unauthorized actions to be performed remotely. Affected versions include 2.0.22 and earlier; the issue is fixed in 2.0.23. Public sources char...

8.8CVSS5.9AI score0.00183EPSS
CVE
CVE
added 2024/02/08 1:6 p.m.47 views

CVE-2024-24871

CVE-2024-24871 affects the WordPress Blocksy Theme up to version 2.0.19. The issue is a Stored XSS caused by improper neutralization of input during web page generation. Impact is described as low severity (CVSS ~6.5) with network attack vector, low attack complexity, privileges required: LOW, an...

6.5CVSS6.8AI score0.0032EPSS