CVE-2026-8365 - Blocksy <= 2.1.41 - Authenticated (Contributor+) PHP Object Injection via Deserialization of Untrusted Data via 'blocksy_meta' REST API Field
CVE ID :CVE-2026-8365 Published : June 9, 2026, 9:16 a.m. | 1 hour, 59 minutes ago Description :The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution via the 'blocksy_meta' REST API field and the V200 database migration in versions up to and...