Vulnerabilities and security researches formaxi-blocks maxi-blocks

Jul 24, 2024

CVE, Research URL: CVE-2024-6885
Home page URL: Security reports for MaxiBlocks Free Page Builder & Template Library
Application: MaxiBlocks Free Page Builder & Template Library
Date: Jul 23, 2024
Research Description: The MaxiBlocks: 2200+ Patterns, 190 Pages, 14.2K Icons & 100 Styles plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the maxi_remove_custom_image_size and maxi_add_custom_image_size functions in all versions up to, and including, 1.9.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Affected versions: Min -, max -.
Status: vulnerable

Jun 06, 2025

CVE, Research URL: CVE-2025-47601
Home page URL: Security reports for MaxiBlocks Free Page Builder & Template Library
Application: MaxiBlocks Free Page Builder & Template Library
Date: -
Research Description: MaxiBlocks: 2300+ Patterns, 280+ Pages, 14.3K Icons & 100 Styles [maxi-blocks] <= 2.1.0 (unfixed) CVE-2025-47601
Affected versions: Min -, max -.
Status: vulnerable