Stored XSS Vulnerability in CreativeThemes Blocksy Theme
CVE-2025-55713

5.9 MEDIUM

Key Information:

Vendor: WordPress

Status
Vendor
CVE Published: 14 August 2025

What is CVE-2025-55713?

The Blocksy theme developed by CreativeThemes contains a vulnerability that allows an attacker to execute unauthorized scripts in the user's browser through improper input handling. This Stored XSS flaw can lead to the injection of malicious code, potentially allowing attackers to access sensitive information or perform actions on behalf of the user, which compromises the integrity and security of affected websites.

Affected Version(s)

Blocksy <= 2.1.6

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

savphill (Patchstack Alliance)