Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

creativethemeshq — Vulnerabilities & Security Advisories 18

Browse all 18 CVE security advisories affecting creativethemeshq. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CreativeThemesHQ develops WordPress themes and plugins for website customization, with 18 CVEs recorded. Historically, their products frequently suffer from stored cross-site scripting (XSS) due to insufficient input sanitization, remote code execution (RCE) via unsafe file uploads, and privilege escalation through improper access controls. Notable security characteristics include inconsistent input validation across components and inadequate security headers in some releases. While no major public breaches have been documented, their vulnerability history suggests a pattern of security oversights in rapid development cycles, impacting thousands of websites that rely on their themes for functionality and design.

Found 13 results / 18Clear Filters
Top products by creativethemeshq: Blocksy Blocksy Companion
CVE IDTitleCVSSSeverityPublished
CVE-2026-2583 Blocksy <= 2.1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via `blocksy_meta` Fields — BlocksyCWE-79 6.4 Medium2026-03-02
CVE-2025-55713 WordPress Blocksy Theme <= 2.1.6 - Cross Site Scripting (XSS) Vulnerability — BlocksyCWE-79 5.9 Medium2025-08-14
CVE-2025-47465 WordPress Blocksy theme <= 2.0.97 - Broken Access Control Vulnerability — BlocksyCWE-862 4.9 Medium2025-05-07
CVE-2024-37469 WordPress Blocksy theme <= 1.9.5 - Cross Site Request Forgery (CSRF) vulnerability — BlocksyCWE-352 5.4 Medium2025-01-02
CVE-2024-11420 Blocksy <= 2.0.77 - Authenticated (Contributor+) Stored Cross-Site Scripting — BlocksyCWE-79 6.4 Medium2024-12-05
CVE-2024-5439 Blocksy <= 2.0.50 - Authenticated (Contributor+) Stored Cross-Site Scripting — BlocksyCWE-20 6.4 Medium2024-06-05
CVE-2024-4943 Blocksy <= 2.0.46 - Authenticated (Contributor+) Stored Cross-Site Scripting — BlocksyCWE-79 6.4 Medium2024-05-21
CVE-2024-4158 Blocksy <= 2.0.42 - Authenticated (Contributor+) Stored Cross-Site Scripting — BlocksyCWE-79 6.4 Medium2024-05-09
CVE-2024-3747 Blocksy <= 2.0.39 - Authenticated (Contributor+) Stored Cross-Site Scripting via About Me block — BlocksyCWE-20 6.4 Medium2024-05-02
CVE-2024-32961 WordPress Blocksy theme <= 2.0.33 - Cross Site Scripting (XSS) vulnerability — BlocksyCWE-79 6.5 Medium2024-04-25
CVE-2024-31382 WordPress Blocksy theme <= 2.0.22 - Cross Site Request Forgery (CSRF) vulnerability — BlocksyCWE-352 4.3 Medium2024-04-15
CVE-2024-1767 Blocksy <= 2.0.26 - Authenticated (Contributor+) Stored Cross-Site Scripting — BlocksyCWE-79 6.4 Medium2024-03-09
CVE-2024-24871 WordPress Blocksy theme <= 2.0.19 - Cross Site Scripting (XSS) vulnerability — BlocksyCWE-79 6.5 Medium2024-02-08

This page lists every published CVE security advisory associated with creativethemeshq. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.