cleantalk
Vulnerabilities and Security Researches

MaxiBlocks Free Page Builder & Template Library, CVE-2024-6885

CVE, Research URL

CVE-2024-6885

Home page URL

Security reports for MaxiBlocks Free Page Builder & Template Library

Application

MaxiBlocks Free Page Builder & Template Library

Published on
Jul 23, 2024
Research Description
The MaxiBlocks: 2200+ Patterns, 190 Pages, 14.2K Icons & 100 Styles plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the maxi_remove_custom_image_size and maxi_add_custom_image_size functions in all versions up to, and including, 1.9.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Affected versions
Min -, max 1.9.3.
Status
vulnerable
Previous vulnerability researches
MaxiBlocks Free Page Builder & Template Library (CVE-2025-47601) , Jun 06, 2025
MaxiBlocks Free Page Builder & Template Library (CVE-2024-6885) , Jul 24, 2024
New vulnerability
The Plus Addons for Elementor (CVE-2025-49076) , Jun 06, 2025
WP Pipes (CVE-2025-48267) , Jun 06, 2025
Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, (CVE-2025-5292) , Jun 06, 2025
Newsletters (CVE-2025-4857) , Jun 06, 2025
Royal Elementor Addons and Templates (CVE-2025-3813) , Jun 06, 2025