Logo
Retour à la veille

CVE-2026-8365

Publié : 9 juin 2026
Modifié : 9 juin 2026
Lien officiel NVD
Score CVSS
8.8
HIGH

Description détaillée

The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution via the 'blocksy_meta' REST API field and the V200 database migration in versions up to and including 2.1.35. This is due to insufficient input sanitization in the blocksy_sanitize_post_meta_options() function, which only blocks values containing '<' or '>' and does not prevent serialized PHP object strings from being stored in post meta, combined with the SearchReplacer::run_recursively() function unconditionally deserializing all string values via @unserialize() during migration without restricting allowed classes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a serialized Blocksy\RaiiPattern object into post meta that, when the V200 migration runs on an upgraded site, is deserialized and triggers RaiiPattern::__destruct(), which executes arbitrary PHP callables via call_user_func().

Vecteur d'attaque (CVSS)

Vecteur brut :CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Références et Patchs

https://themes.trac.wordpress.org/browser/blocksy/2.1.35/admin/helpers/meta-boxes.php#L104https://themes.trac.wordpress.org/browser/blocksy/2.1.35/admin/helpers/validator.php#L75https://themes.trac.wordpress.org/browser/blocksy/2.1.35/inc/classes/db-versioning/utils/db-search-replacer.php#L98https://themes.trac.wordpress.org/browser/blocksy/2.1.35/inc/classes/raii.php#L12https://themes.trac.wordpress.org/browser/blocksy/2.1.41/admin/helpers/meta-boxes.php#L104https://themes.trac.wordpress.org/browser/blocksy/2.1.41/admin/helpers/validator.php#L75https://themes.trac.wordpress.org/browser/blocksy/2.1.41/inc/classes/db-versioning/utils/db-search-replacer.php#L98https://themes.trac.wordpress.org/browser/blocksy/2.1.41/inc/classes/raii.php#L12https://themes.trac.wordpress.org/browser/blocksy/trunk/admin/helpers/meta-boxes.php#L104https://themes.trac.wordpress.org/browser/blocksy/trunk/admin/helpers/validator.php#L75https://themes.trac.wordpress.org/browser/blocksy/trunk/inc/classes/db-versioning/utils/db-search-replacer.php#L98https://themes.trac.wordpress.org/browser/blocksy/trunk/inc/classes/raii.php#L12https://www.wordfence.com/threat-intel/vulnerabilities/id/fd216743-ce8d-4632-9fd1-d63502c2dfcd?source=cve

Dernières Vulnérabilités

CVE-2026-52902

A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not sanitize file paths, allowing an attacker to craft a malicious YAML file that reads arbitrary YAML-formatted files from the local filesystem when a user imports it using "awx --conf.format yaml import". This is a client-side vulnerability requiring user interaction.

VOIR DÉTAILS

CVE-2026-4058

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the user_subscription_cancel() function in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to cancel any user's subscription pack, including administrators.

VOIR DÉTAILS

CVE-2026-46749

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application uses a password hashing implementation with a static, hardcoded salt shared across all users and installations, and is configured with an insufficient number of iterations. This could allow an attacker to efficiently recover user passwords using brute-force or precomputed attacks, potentially resulting in unauthorized access.

VOIR DÉTAILS