Creativethemes

Blocksy

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2025-55713

  • EPSS 0.03%
  • Veröffentlicht 14.08.2025 18:21:25
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in creativethemeshq Blocksy blocksy allows Stored XSS.This issue affects Blocksy: from n/a through <= 2.1.6.

4.9

CVE-2025-47465

  • EPSS 0.12%
  • Veröffentlicht 07.05.2025 14:19:41
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Missing Authorization vulnerability in creativethemeshq Blocksy blocksy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Blocksy: from n/a through <= 2.0.97.

8.8

CVE-2024-37469

  • EPSS 0.14%
  • Veröffentlicht 02.01.2025 12:15:20
  • Zuletzt bearbeitet 01.04.2026 16:17:27

Cross-Site Request Forgery (CSRF) vulnerability in creativethemeshq Blocksy blocksy allows Cross Site Request Forgery.This issue affects Blocksy: from n/a through <= 2.0.22.

5.4

CVE-2024-11420

  • EPSS 0.15%
  • Veröffentlicht 05.12.2024 10:31:39
  • Zuletzt bearbeitet 03.02.2025 14:39:02

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Info Block link parameter in all versions up to, and including, 2.0.77 due to insufficient input sanitization and output escaping. This makes it possible for...

5.4

CVE-2024-5439

  • EPSS 0.41%
  • Veröffentlicht 05.06.2024 08:15:10
  • Zuletzt bearbeitet 08.04.2026 19:21:56

The Blocksy theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the custom_url parameter in all versions up to, and including, 2.0.50 due to insufficient input sanitization and output escaping. This makes it possible for unauthent...

5.4

CVE-2024-4943

  • EPSS 0.2%
  • Veröffentlicht 21.05.2024 03:15:08
  • Zuletzt bearbeitet 08.04.2026 19:21:49

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘has_field_link_rel’ parameter in all versions up to, and including, 2.0.46 due to insufficient input sanitization and output escaping. This makes it possible for au...

5.4

CVE-2024-4158

  • EPSS 0.16%
  • Veröffentlicht 14.05.2024 15:43:00
  • Zuletzt bearbeitet 08.04.2026 17:18:51

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 2.0.42 due to insufficient input sanitization and output escaping. This makes it possible for authenticated att...

5.4

CVE-2024-3747

  • EPSS 0.2%
  • Veröffentlicht 02.05.2024 17:15:31
  • Zuletzt bearbeitet 08.04.2026 19:21:27

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the className parameter in the About Me block in all versions up to, and including, 2.0.39 due to insufficient input sanitization and output escaping. This makes it poss...

5.4

CVE-2024-32961

  • EPSS 0.31%
  • Veröffentlicht 25.04.2024 10:15:09
  • Zuletzt bearbeitet 01.04.2026 16:17:09

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in creativethemeshq Blocksy blocksy.This issue affects Blocksy: from n/a through <= 2.0.33.

8.8

CVE-2024-31382

  • EPSS 0.35%
  • Veröffentlicht 15.04.2024 11:15:09
  • Zuletzt bearbeitet 01.04.2026 16:16:59

Cross-Site Request Forgery (CSRF) vulnerability in creativethemeshq Blocksy blocksy.This issue affects Blocksy: from n/a through <= 2.0.22.