CVE-2024-35633
- EPSS 0.21%
- Veröffentlicht 03.06.2024 10:15:13
- Zuletzt bearbeitet 30.01.2025 19:52:10
Server-Side Request Forgery (SSRF) vulnerability in CreativeThemes Blocksy Companion.This issue affects Blocksy Companion: from n/a through 2.0.42.
CVE-2024-4487
- EPSS 0.15%
- Veröffentlicht 14.05.2024 15:43:53
- Zuletzt bearbeitet 28.01.2025 02:58:09
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG uploads in versions up to, and including, 2.0.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated atta...
CVE-2024-31932
- EPSS 0.12%
- Veröffentlicht 11.04.2024 13:15:54
- Zuletzt bearbeitet 31.01.2025 18:00:24
Cross-Site Request Forgery (CSRF) vulnerability in CreativeThemes Blocksy Companion.This issue affects Blocksy Companion: from n/a through 2.0.28.
CVE-2024-2392
- EPSS 0.14%
- Veröffentlicht 22.03.2024 02:15:08
- Zuletzt bearbeitet 28.01.2025 18:32:57
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Newsletter widget in all versions up to, and including, 2.0.31 due to insufficient input sanitization and output escaping on user supplied attrib...
CVE-2023-1911
- EPSS 0.13%
- Veröffentlicht 02.05.2023 08:15:10
- Zuletzt bearbeitet 30.01.2025 15:15:14
The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscriber to access draft posts for example
CVE-2023-23898
- EPSS 0.1%
- Veröffentlicht 06.04.2023 11:15:06
- Zuletzt bearbeitet 21.11.2024 07:47:03
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeThemes Blocksy Companion plugin <= 1.8.67 versions.