10 matches found
CVE-2024-32961
CVE-2024-32961 concerns Blocksy (Creative Themes HQ) with an authenticated Stored XSS via improper input neutralization during web page generation. Affected: Blocksy versions up to 2.0.33 (n/a). The CVE notes stored cross-site scripting vulnerability in the plugin/theme, and references indicate r...
CVE-2024-4158
CVE-2024-4158: Blocksy Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the tagName parameter in Blocksy versions up to 2.0.42 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor level or higher; successful inje...
CVE-2024-1767
The CVE-2024-1767 entry concerns the WordPress Blocksy theme. A stored XSS vulnerability exists in Blocksy blocks due to insufficient input sanitization and output escaping for user-supplied attributes such as className and radius, enabling authenticated attackers with contributor-level permissio...
CVE-2024-3747
The CVE-2024-3747 issue affects Blocksy Theme for WordPress (versions up to 2.0.39). It is a Stored XSS in the About Me block via the className parameter, exploitable by authenticated users with Contributor+ privileges. The vulnerability arises from insufficient input sanitization and output esca...
CVE-2024-31382
CVE-2024-31382: CSRF in Blocksy (Creative Themes HQ Blocksy) affecting Blocksy versions up to and including 2.0.22. Connected sources confirm the issue is CSRF, but no exploit details or confirmed fixed version are provided in the supplied documents. remediation/fix version is not specified in th...
CVE-2024-11420
CVE-2024-11420 (Blocksy) : The WordPress Blocksy theme is vulnerable to Stored Cross-Site Scripting via the Contact Info Block's link parameter in all versions up to 2.0.77. An attacker with Contributor-level access or higher can inject scripts that execute when users view the page containing the...
CVE-2024-4943
CVE-2024-4943 concerns the Blocksy WordPress theme. The vulnerability is a Stored Cross-Site Scripting flaw in the has_field_link_rel parameter present in versions up to 2.0.46, caused by insufficient input sanitization and output escaping. By exploiting this, an authenticated attacker with Contr...
CVE-2024-5439
CVE-2024-5439 : Blocksy Theme for WordPress is vulnerable to Reflected XSS via the custom_url parameter in all versions up to 2.0.50. Exploitation requires a user to click a crafted link (unauthenticated). A fix is available in Blocksy 2.0.51 (per changeset showing new version). If upgrading is n...
CVE-2024-37469
CVE-2024-37469 is a CSRF vulnerability in the WordPress Blocksy theme (vulnerable up to 2.0.22). The root cause is a CSRF oversight in Blocksy that allows unauthorized actions to be performed remotely. Affected versions include 2.0.22 and earlier; the issue is fixed in 2.0.23. Public sources char...
CVE-2024-24871
CVE-2024-24871 affects the WordPress Blocksy Theme up to version 2.0.19. The issue is a Stored XSS caused by improper neutralization of input during web page generation. Impact is described as low severity (CVSS ~6.5) with network attack vector, low attack complexity, privileges required: LOW, an...