Missing Authorization Vulnerability in CreativeThemes Blocksy Product
CVE-2025-47465

4.9MEDIUM

Key Information:

Vendor: WordPress
Status: Blocksy
Vendor: CVE Published:; 7 May 2025

What is CVE-2025-47465?

The Blocksy theme by CreativeThemes suffers from a missing authorization vulnerability that arises from incorrectly configured access control security levels. This issue permits unauthorized users to gain access to features and functionalities that should be restricted, potentially leading to exposure or alteration of sensitive information. Affected versions include those up to 2.0.97, making it crucial for users to ensure proper configurations and apply necessary updates to mitigate any risks.

Affected Version(s)

Blocksy <= 2.0.97

References

https://patchstack.com/database/wordpress/theme/blocksy/v...

vdb-entry

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2025
Vulnerability Reserved
May 7, 2025

Credit

savphill (Patchstack Alliance)

WordPress

What is CVE-2025-47465?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit