Ckp267 Maxiblocks Builder | 17,000+ Design Assets, Patterns, Icons & Starter Sites
3 CVEs affecting Ckp267 Maxiblocks Builder | 17,000+ Design Assets, Patterns, Icons & Starter Sites. Latest disclosed: 2026-05-02. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-6885 | High | 8.1 | 2024-07-23 | The MaxiBlocks: 2200+ Patterns, 190 Pages, 14.2K Icons & 100 Styles plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path… |
CVE-2026-6378 | Medium | 6.4 | 2026-05-02 | The Maxi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `/wp-json/maxi-blocks/v1.0/style-card` REST API endpoint in all versi… |
CVE-2026-2028 | Medium | 5.3 | 2026-04-24 | The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary media file deletion due to insufficient file ownership validation on the 'maxi_remove_cu… |