Creativethemes

Blocksy

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2025-55713

  • EPSS 0.03%
  • Veröffentlicht 14.08.2025 18:21:25
  • Zuletzt bearbeitet 15.08.2025 13:12:51

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeThemes Blocksy allows Stored XSS. This issue affects Blocksy: from n/a through 2.1.6.

4.9

CVE-2025-47465

  • EPSS 0.2%
  • Veröffentlicht 07.05.2025 14:19:41
  • Zuletzt bearbeitet 08.05.2025 14:39:18

Missing Authorization vulnerability in CreativeThemes Blocksy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Blocksy: from n/a through 2.0.97.

8.8

CVE-2024-37469

  • EPSS 0.1%
  • Veröffentlicht 02.01.2025 12:15:20
  • Zuletzt bearbeitet 31.01.2025 16:57:05

Cross-Site Request Forgery (CSRF) vulnerability in CreativeThemes Blocksy allows Cross Site Request Forgery.This issue affects Blocksy: from n/a through 2.0.22.

5.4

CVE-2024-11420

  • EPSS 0.15%
  • Veröffentlicht 05.12.2024 10:31:39
  • Zuletzt bearbeitet 03.02.2025 14:39:02

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Info Block link parameter in all versions up to, and including, 2.0.77 due to insufficient input sanitization and output escaping. This makes it possible for...

5.4

CVE-2024-5439

  • EPSS 0.41%
  • Veröffentlicht 05.06.2024 08:15:10
  • Zuletzt bearbeitet 21.11.2024 09:47:41

The Blocksy theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the custom_url parameter in all versions up to, and including, 2.0.50 due to insufficient input sanitization and output escaping. This makes it possible for unauthent...

5.4

CVE-2024-4943

  • EPSS 0.2%
  • Veröffentlicht 21.05.2024 03:15:08
  • Zuletzt bearbeitet 03.02.2025 18:22:31

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘has_field_link_rel’ parameter in all versions up to, and including, 2.0.46 due to insufficient input sanitization and output escaping. This makes it possible for au...

5.4

CVE-2024-4158

  • EPSS 0.16%
  • Veröffentlicht 14.05.2024 15:43:00
  • Zuletzt bearbeitet 28.01.2025 03:03:08

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 2.0.42 due to insufficient input sanitization and output escaping. This makes it possible for authenticated att...

5.4

CVE-2024-3747

  • EPSS 0.2%
  • Veröffentlicht 02.05.2024 17:15:31
  • Zuletzt bearbeitet 04.02.2025 15:43:01

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the className parameter in the About Me block in all versions up to, and including, 2.0.39 due to insufficient input sanitization and output escaping. This makes it poss...

5.4

CVE-2024-32961

  • EPSS 0.16%
  • Veröffentlicht 25.04.2024 10:15:09
  • Zuletzt bearbeitet 31.01.2025 18:15:27

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative Themes HQ Blocksy allows Stored XSS.This issue affects Blocksy: from n/a through 2.0.33.

8.8

CVE-2024-31382

  • EPSS 0.19%
  • Veröffentlicht 15.04.2024 11:15:09
  • Zuletzt bearbeitet 31.01.2025 18:07:30

Cross-Site Request Forgery (CSRF) vulnerability in Creative Themes HQ Blocksy.This issue affects Blocksy: from n/a through 2.0.22.