Vulnerabilities > Creativethemes
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-02 | CVE-2024-37469 | Cross-Site Request Forgery (CSRF) vulnerability in Creativethemes Blocksy Cross-Site Request Forgery (CSRF) vulnerability in CreativeThemes Blocksy allows Cross Site Request Forgery.This issue affects Blocksy: from n/a through 2.0.22. | 8.8 |
| 2024-12-05 | CVE-2024-11420 | Cross-site Scripting vulnerability in Creativethemes Blocksy The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Info Block link parameter in all versions up to, and including, 2.0.77 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-06-05 | CVE-2024-5439 | Cross-site Scripting vulnerability in Creativethemes Blocksy The Blocksy theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the custom_url parameter in all versions up to, and including, 2.0.50 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-06-03 | CVE-2024-35633 | Unspecified vulnerability in Creativethemes Blocksy Companion Server-Side Request Forgery (SSRF) vulnerability in CreativeThemes Blocksy Companion.This issue affects Blocksy Companion: from n/a through 2.0.42. | 4.9 |
| 2024-05-21 | CVE-2024-4943 | Cross-site Scripting vulnerability in Creativethemes Blocksy The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘has_field_link_rel’ parameter in all versions up to, and including, 2.0.46 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-05-14 | CVE-2024-4158 | Cross-site Scripting vulnerability in Creativethemes Blocksy The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 2.0.42 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-05-14 | CVE-2024-4487 | Cross-site Scripting vulnerability in Creativethemes Blocksy Companion The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG uploads in versions up to, and including, 2.0.45 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-05-02 | CVE-2024-3747 | Cross-site Scripting vulnerability in Creativethemes Blocksy The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the className parameter in the About Me block in all versions up to, and including, 2.0.39 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-04-25 | CVE-2024-32961 | Unspecified vulnerability in Creativethemes Blocksy Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative Themes HQ Blocksy allows Stored XSS.This issue affects Blocksy: from n/a through 2.0.33. | 5.4 |
| 2024-04-15 | CVE-2024-31382 | Unspecified vulnerability in Creativethemes Blocksy Cross-Site Request Forgery (CSRF) vulnerability in Creative Themes HQ Blocksy.This issue affects Blocksy: from n/a through 2.0.22. | 8.8 |