CVE-2024-4158

Blocksy <= 2.0.42 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 2.0.42 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.


We have discovered 11,883 live websites that are affected by CVE-2024-4158.





Affected Software

Product                    Blocksy
Category                   WordPress Themes
Vulnerable Domains         11,883 live websites (25.08% of Blocksy install base)
Vulnerable Versions        from 0 through 2.0.42
Vulnerable Versions Count  227 versions (82.25% of all versions)



Details

  • Published - May 9, 2024
  • Updated - Aug 1, 2024

Credits

  • Ngô Thiên An (finder)

CVE-2024-4158 usage by Country

United States  4,678 websites
Germany        1,341 websites
France         611 websites
Poland         472 websites
Cyprus         466 websites
Netherlands    400 websites
Denmark        380 websites
Italy          304 websites
GB             272 websites
Brazil         239 websites

CVE-2024-4158 usage by TLD

.com     4,487 websites
.info    494 websites
.de      490 websites
.nl      434 websites
.pl      415 websites
.org     412 websites
.com.br  390 websites
.it      301 websites
.dk      292 websites
.net     278 websites

FAQ

A total of 11,883 websites have been identified as vulnerable to CVE-2024-4158, discovered through global website indexing conducted by WebTechSurvey.
Blocksy is susceptible to the CVE-2024-4158 vulnerability.
Blocksy versions before, and including, 2.0.42 are vulnerable to CVE-2024-4158.