Creativethemeshq Blocksy

14 CVEs affecting Creativethemeshq Blocksy. Latest disclosed: 2026-06-09. Critical: 0, High: 1.

Top CVEs affecting Creativethemeshq Blocksy
CVESeverityScorePublishedSummary
CVE-2026-8365High8.82026-06-09The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution via the 'blocksy_meta' REST API field and the V200 datab…
CVE-2024-32961Medium6.52024-04-25Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in creativethemeshq Blocksy blocksy.This issue affects Block…
CVE-2024-24871Medium6.52024-02-08Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in creativethemeshq Blocksy blocksy.This issue affects Block…
CVE-2026-2583Medium6.42026-03-02The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the `blocksy_meta` metadata fields in all versions up to, and including, 2.1.3…
CVE-2024-11420Medium6.42024-12-05The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Info Block link parameter in all versions up to, and including, 2…
CVE-2024-5439Medium6.42024-06-05The Blocksy theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the custom_url parameter in all versions up to, and including, 2.0.50 due t…
CVE-2024-4943Medium6.42024-05-21The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘has_field_link_rel’ parameter in all versions up to, and including, 2.0.4…
CVE-2024-4158Medium6.42024-05-14The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 2.0.42 due to insuff…
CVE-2024-3747Medium6.42024-05-02The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the className parameter in the About Me block in all versions up to, and inclu…
CVE-2024-1767Medium6.42024-03-09The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 2.0.26 due to insuff…
CVE-2025-55713Medium5.92025-08-14Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in creativethemeshq Blocksy blocksy allows Stored XSS.This i…
CVE-2024-37469Medium5.42025-01-02Cross-Site Request Forgery (CSRF) vulnerability in creativethemeshq Blocksy blocksy allows Cross Site Request Forgery.This issue affects Blocksy: from n/a thro…
CVE-2025-47465Medium4.92025-05-07Missing Authorization vulnerability in creativethemeshq Blocksy blocksy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affe…
CVE-2024-31382Medium4.32024-04-15Cross-Site Request Forgery (CSRF) vulnerability in creativethemeshq Blocksy blocksy.This issue affects Blocksy: from n/a through <= 2.0.22.