CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

235 matches found

Patchstack•added 2026/04/22 2:40 p.m.•4 views

WordPress Blocksy Companion Pro plugin <= 2.1.37 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Blocksy Companion Pro versions = 2.1.37...

5.5AI score

Exploits0Affected Software1

Patchstack•added 2026/04/08 12:7 p.m.•1 views

WordPress Blocksy Companion Pro plugin < 2.1.29 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Blocksy Companion Pro versions 2.1.29...

6AI score

Exploits0Affected Software1

RedhatCVE•added 2026/03/04 1:56 a.m.•3 views

CVE-2026-2583

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the blocksymeta metadata fields in all versions up to, and including, 2.1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...

6.4CVSS6AI score0.00043EPSS

Exploits0References1

Patchstack•added 2026/03/02 11:24 p.m.•4 views

WordPress Blocksy plugin <= 2.1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via `blocksy_meta` Fields vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via blocksymeta Fields vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Theme Blocksy versions = 2.1.30...

6.4CVSS5.9AI score0.00043EPSS

Exploits0References1Affected Software1

NVD•added 2026/03/02 11:16 p.m.•4 views

CVE-2026-2583

6.4CVSS0.00043EPSS

Exploits0References2

Vulnrichment•added 2026/03/02 10:23 p.m.•3 views

CVE-2026-2583 Blocksy <= 2.1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via `blocksy_meta` Fields

6.4CVSS6AI score0.00043EPSS

Exploits0References2

CVE•added 2026/03/02 10:23 p.m.•5 views

CVE-2026-2583

The CVE describes a Stored Cross-Site Scripting issue in the Blocksy theme for WordPress, affecting versions up to 2.1.30. The vulnerability arises from insufficient input sanitization and output escaping in the blocksy_meta fields, allowing authenticated attackers with Contributor-level access a...

6.4CVSS6AI score0.00043EPSS

Exploits0References2

ATTACKERKB•added 2026/03/02 10:23 p.m.•3 views

CVE-2026-2583

6.4CVSS6AI score0.00043EPSS

Exploits0References3

Cvelist•added 2026/03/02 10:23 p.m.•19 views

CVE-2026-2583 Blocksy <= 2.1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via `blocksy_meta` Fields

6.4CVSS0.00043EPSS

Exploits0References2

Positive Technologies•added 2026/03/02 12:0 a.m.•3 views

PT-2026-22705

Name of the Vulnerable Software and Affected Versions Blocksy theme for WordPress versions up to and including 2.1.30 Description The Blocksy theme for WordPress is susceptible to Stored Cross-Site Scripting through the blocksy meta metadata fields. Insufficient input sanitization and output...

6.4CVSS6AI score0.00043EPSS

Exploits0References6

CNNVD•added 2026/03/02 12:0 a.m.•2 views

WordPress plugin Blocksy 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.7AI score0.00043EPSS

Exploits0References2

RedhatCVE•added 2025/11/12 12:6 p.m.•1 views

CVE-2025-12846

The Blocksy Companion plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 2.1.19. This is due to insufficient file type validation detecting SVG files, allowing double extension files to bypass sanitization while being accepted as a vali...

8.8CVSS7.4AI score0.00092EPSS

Exploits0References1

EUVD•added 2025/11/11 12:30 p.m.•1 views

EUVD-2025-84359

8.8CVSS7AI score0.00092EPSS

Exploits0References3

NVD•added 2025/11/11 11:15 a.m.•1 views

CVE-2025-12846

8.8CVSS0.00092EPSS

Exploits0References2

Vulnrichment•added 2025/11/11 11:3 a.m.•1 views

CVE-2025-12846 Blocksy Companion <= 2.1.19 - Authenticated (Author+) Arbitrary File Upload via SVG Upload Bypass

8.8CVSS7.1AI score0.00092EPSS

Exploits0References2

CVE•added 2025/11/11 11:3 a.m.•7 views

CVE-2025-12846

CVE-2025-12846 affects Blocksy Companion for WordPress (versions

8.8CVSS7AI score0.00092EPSS

Exploits0References2

Cvelist•added 2025/11/11 11:3 a.m.•4 views

CVE-2025-12846 Blocksy Companion <= 2.1.19 - Authenticated (Author+) Arbitrary File Upload via SVG Upload Bypass

8.8CVSS0.00092EPSS

Exploits0References2

Patchstack•added 2025/11/11 1:19 a.m.•3 views

WordPress Blocksy Companion plugin <= 2.1.19 - Authenticated (Author+) Arbitrary File Upload via SVG Upload Bypass vulnerability

Authenticated Author+ Arbitrary File Upload via SVG Upload Bypass vulnerability discovered by shark3y in WordPress Plugin Blocksy Companion versions = 2.1.19...

8.8CVSS6.8AI score0.00092EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2025/11/11 12:0 a.m.•2 views

PT-2025-46324

Name of the Vulnerable Software and Affected Versions Blocksy Companion plugin for WordPress versions up to and including 2.1.19 Description The Blocksy Companion plugin for WordPress is susceptible to authenticated arbitrary file upload due to insufficient file type validation. Specifically, the...

8.8CVSS7.5AI score0.00092EPSS

Exploits0References5

CNNVD•added 2025/11/11 12:0 a.m.•0 views

WordPress plugin Blocksy Companion 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

8.8CVSS7.7AI score0.00092EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by