VulnTitan VulnTitan Security command center
Theme Vulnerability Hub
Theme 13 known issues Latest disclosed Mar 02, 2026

Blocksy Vulnerabilities

Review known vulnerability records for the WordPress theme Blocksy (`blocksy`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-2583, CVE-2025-55713 and CVE-2025-47465, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
13
High or Critical
0
Patch Coverage
100%
Last Updated
Apr 15, 2026
Priority CVE Quick Links

Fast paths into Blocksy CVE reports

Start with the highest-signal CVE records for this WordPress theme before scanning the full vulnerability feed.

Indexed CVEs
13
CVE-2026-2583 Medium 2.1.31
CVE-2026-2583 Blocksy Stored Cross-Site Scripting

Blocksy <= 2.1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via `blocksy_meta` Fields

CVE-2024-11420 Medium 2.0.78
CVE-2024-11420 Blocksy Stored Cross-Site Scripting

Blocksy <= 2.0.77 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-5439 Medium 2.0.51
CVE-2024-5439 Blocksy Stored Cross-Site Scripting

Blocksy <= 2.0.50 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-4943 Medium 2.0.47
CVE-2024-4943 Blocksy Stored Cross-Site Scripting

Blocksy <= 2.0.46 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-4158 Medium 2.0.43
CVE-2024-4158 Blocksy Stored Cross-Site Scripting

Blocksy <= 2.0.42 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-3747 Medium 2.0.40
CVE-2024-3747 Blocksy Stored Cross-Site Scripting

Blocksy <= 2.0.39 - Authenticated (Contributor+) Stored Cross-Site Scripting via About Me block

CVE-2024-32961 Medium 2.0.34
CVE-2024-32961 Blocksy Stored Cross-Site Scripting

Blocksy <= 2.0.33 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-1767 Medium 2.0.27
CVE-2024-1767 Blocksy Stored Cross-Site Scripting

Blocksy <= 2.0.26 - Authenticated (Contributor+) Stored Cross-Site Scripting

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Blocksy so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
13 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 0 high severity findings.
Recent CVEs
CVE-2026-2583, CVE-2025-55713 and CVE-2025-47465
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Blocksy

Sorted by latest disclosure date so newly published issues surface first.

Theme Medium Patched: Yes CVE-2026-2583
CVE-2026-2583: Blocksy <= 2.1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via `blocksy_meta` Fields

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the `blocksy_meta` metadata fields in all versions up to, and including, 2.1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Co...

Published
Mar 02, 2026
Patched Release
2.1.31
Affected Versions
Versions up to 2.1.30
Next Step
Update to 2.1.31 or newer if supported.
Open CVE-2026-2583 Report Open CVE Reference
Theme Medium Patched: Yes CVE-2025-55713
CVE-2025-55713: Blocksy <= 2.1.6 - Authenticated (Shop manager+) Stored Cross-Site Scripting

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manager-level access and above, to inject...

Published
Aug 14, 2025
Patched Release
2.1.7
Affected Versions
Versions up to 2.1.6
Next Step
Update to 2.1.7 or newer if supported.
Open CVE-2025-55713 Report Open CVE Reference
Theme Low Patched: Yes CVE-2025-47465
CVE-2025-47465: Blocksy <= 2.0.97 - Missing Authorization

The Blocksy theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the wp_ajax_blocksy_notice_button_click AJAX endpoint in versions up to, and including, 2.0.97. This makes it possible for authenticated attackers, with administrator-level a...

Published
May 07, 2025
Patched Release
2.0.98
Affected Versions
Versions up to 2.0.97
Next Step
Update to 2.0.98 or newer if supported.
Open CVE-2025-47465 Report Open CVE Reference
Theme Medium Patched: Yes CVE-2024-11420
CVE-2024-11420: Blocksy <= 2.0.77 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Info Block link parameter in all versions up to, and including, 2.0.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

Published
Dec 04, 2024
Patched Release
2.0.78
Affected Versions
Versions up to 2.0.77
Next Step
Update to 2.0.78 or newer if supported.
Open CVE-2024-11420 Report Open CVE Reference
Theme Medium Patched: Yes CVE-2024-37469
CVE-2024-37469: Blocksy <= 2.0.22 - Cross-Site Request Forgery

The Blocksy theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.22. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a f...

Published
Jul 01, 2024
Patched Release
2.0.23
Affected Versions
Versions up to 2.0.22
Next Step
Update to 2.0.23 or newer if supported.
Open CVE-2024-37469 Report Open CVE Reference
Theme Medium Patched: Yes CVE-2024-5439
CVE-2024-5439: Blocksy <= 2.0.50 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Blocksy theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the custom_url parameter in all versions up to, and including, 2.0.50 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arb...

Published
Jun 04, 2024
Patched Release
2.0.51
Affected Versions
Versions up to 2.0.50
Next Step
Update to 2.0.51 or newer if supported.
Open CVE-2024-5439 Report Open CVE Reference
Theme Medium Patched: Yes CVE-2024-4943
CVE-2024-4943: Blocksy <= 2.0.46 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘has_field_link_rel’ parameter in all versions up to, and including, 2.0.46 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Co...

Published
May 20, 2024
Patched Release
2.0.47
Affected Versions
Versions up to 2.0.46
Next Step
Update to 2.0.47 or newer if supported.
Open CVE-2024-4943 Report Open CVE Reference
Theme Medium Patched: Yes CVE-2024-4158
CVE-2024-4158: Blocksy <= 2.0.42 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 2.0.42 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

Published
May 03, 2024
Patched Release
2.0.43
Affected Versions
Versions up to 2.0.42
Next Step
Update to 2.0.43 or newer if supported.
Open CVE-2024-4158 Report Open CVE Reference
Theme Medium Patched: Yes CVE-2024-3747
CVE-2024-3747: Blocksy <= 2.0.39 - Authenticated (Contributor+) Stored Cross-Site Scripting via About Me block

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the className parameter in the About Me block in all versions up to, and including, 2.0.39 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacke...

Published
Apr 24, 2024
Patched Release
2.0.40
Affected Versions
Versions up to 2.0.39
Next Step
Update to 2.0.40 or newer if supported.
Open CVE-2024-3747 Report Open CVE Reference
Theme Medium Patched: Yes CVE-2024-32961
CVE-2024-32961: Blocksy <= 2.0.33 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

Published
Apr 23, 2024
Patched Release
2.0.34
Affected Versions
Versions up to 2.0.33
Next Step
Update to 2.0.34 or newer if supported.
Open CVE-2024-32961 Report Open CVE Reference
Theme Medium Patched: Yes CVE-2024-31382
CVE-2024-31382: Blocksy <= 2.0.22 - Cross-Site Request Forgery to Notice Dismissal

The Blocksy theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.22. This is due to missing or incorrect nonce validation on the wp_ajax_blocksy_notice_button_click ajax action. This makes it possible for unauthenticated attackers...

Published
Apr 10, 2024
Patched Release
2.0.23
Affected Versions
Versions up to 2.0.22
Next Step
Update to 2.0.23 or newer if supported.
Open CVE-2024-31382 Report Open CVE Reference
Theme Medium Patched: Yes CVE-2024-1767
CVE-2024-1767: Blocksy <= 2.0.26 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 2.0.26 due to insufficient input sanitization and output escaping on user supplied attributes like 'className' and 'radius'. This makes it po...

Published
Mar 08, 2024
Patched Release
2.0.27
Affected Versions
Versions up to 2.0.26
Next Step
Update to 2.0.27 or newer if supported.
Open CVE-2024-1767 Report Open CVE Reference