VYPR

Maxi Blocks

by Maxi Blocks

Source repositories

CVEs (3)

  • CVE-2024-6885HigJul 23, 2024
    risk 0.53cvss 8.1epss 0.01

    The MaxiBlocks: 2200+ Patterns, 190 Pages, 14.2K Icons & 100 Styles plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the maxi_remove_custom_image_size and maxi_add_custom_image_size functions in all versions up to, and…

  • CVE-2026-6378MedMay 2, 2026
    risk 0.35cvss 6.4epss 0.00

    The Maxi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `/wp-json/maxi-blocks/v1.0/style-card` REST API endpoint in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping of the `sc_styles` parameter.…

  • CVE-2026-2028MedApr 24, 2026
    risk 0.27cvss 5.3epss 0.00

    The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary media file deletion due to insufficient file ownership validation on the 'maxi_remove_custom_image_size' AJAX action in all versions up to, and including, 2.1.8. This makes it possible for authenticated…