Vulnerabilities and security researches formaxi-blocks maxi-blocks

Jul 24, 2024

CVE, Research URL: CVE-2024-6885
Home page URL: Security reports for MaxiBlocks Free Page Builder & Template Library
Application: MaxiBlocks Free Page Builder & Template Library
Date: Jul 23, 2024
Research Description: The MaxiBlocks: 2200+ Patterns, 190 Pages, 14.2K Icons & 100 Styles plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the maxi_remove_custom_image_size and maxi_add_custom_image_size functions in all versions up to, and including, 1.9.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Affected versions: max 1.9.3.
Status: vulnerable

Jun 06, 2025

CVE, Research URL: CVE-2025-47601
Home page URL: Security reports for MaxiBlocks Free Page Builder & Template Library
Application: MaxiBlocks Free Page Builder & Template Library
Date: Jun 07, 2025
Research Description: Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks allows Privilege Escalation.This issue affects MaxiBlocks: from n/a through 2.1.0.
Affected versions: max 2.1.0.
Status: vulnerable