Lucene search

11 matches found

CVE
added 2024/05/14 3:43 p.m. | 60 views

CVE-2024-4158

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 2.0.42 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and ab...

CVSS 6.4 | AI score 5.8 | EPSS 0.00117

CVE
added 2024/04/25 10:15 a.m. | 55 views

CVE-2024-32961

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative Themes HQ Blocksy allows Stored XSS. This issue affects Blocksy: from n/a through 2.0.33.

CVSS 6.5 | AI score 6.6 | EPSS 0.0012

CVE
added 2024/04/15 11:15 a.m. | 50 views

CVE-2024-31382

Cross-Site Request Forgery (CSRF) vulnerability in Creative Themes HQ Blocksy. This issue affects Blocksy: from n/a through 2.0.22.

CVSS 8.8 | AI score 6.8 | EPSS 0.00187

CVE
added 2024/03/09 7:15 a.m. | 48 views

CVE-2024-1767

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 2.0.26 due to insufficient input sanitization and output escaping on user supplied attributes like 'className' and 'radius'. This makes it possible for authenti...

CVSS 6.4 | AI score 6 | EPSS 0.00061

CVE
added 2024/05/02 5:15 p.m. | 48 views

CVE-2024-3747

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the className parameter in the About Me block in all versions up to, and including, 2.0.39 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributo...

CVSS 6.4 | AI score 5.7 | EPSS 0.00144

CVE
added 2024/12/05 10:31 a.m. | 47 views

CVE-2024-11420

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Info Block link parameter in all versions up to, and including, 2.0.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level ...

CVSS 6.4 | AI score 5.8 | EPSS 0.00031

CVE
added 2024/05/21 3:15 a.m. | 43 views

CVE-2024-4943

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘has_field_link_rel’ parameter in all versions up to, and including, 2.0.46 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acc...

CVSS 6.4 | AI score 5.8 | EPSS 0.00145

CVE
added 2024/06/05 8:15 a.m. | 40 views

CVE-2024-5439

The Blocksy theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the custom_url parameter in all versions up to, and including, 2.0.50 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...

CVSS 6.4 | AI score 6 | EPSS 0.00307

CVE
added 2025/01/02 12:15 p.m. | 39 views

CVE-2024-37469

Cross-Site Request Forgery (CSRF) vulnerability in CreativeThemes Blocksy allows Cross Site Request Forgery. This issue affects Blocksy: from n/a through 2.0.22.

CVSS 8.8 | AI score 5.5 | EPSS 0.00031

CVE
added 2025/05/07 3:16 p.m. | 31 views

CVE-2025-47465

Missing Authorization vulnerability in CreativeThemes Blocksy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Blocksy: from n/a through 2.0.97.

CVSS 4.9 | AI score 5.1 | EPSS 0.00036

CVE
added 2024/02/08 1:15 p.m. | 30 views

CVE-2024-24871

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative Themes Blocksy allows Stored XSS. This issue affects Blocksy: from n/a through 2.0.19.

CVSS 6.5 | AI score 6.3 | EPSS 0.00065