18 matches found
WordPress Blocksy Companion Plugin Cross-Site Scripting Vulnerability
WordPress Blocksy Companion Plugin is an official plugin designed for WordPress theme Blocksy to enhance the theme functionality with advanced customization options and integration tools. WordPress Blocksy Companion Plugin suffers from a cross-site scripting vulnerability that stems from the...
EUVD-2024-44101
Malicious code in bioql PyPI...
EUVD-2024-27344
Malicious code in bioql PyPI...
EUVD-2023-27981
Malicious code in bioql PyPI...
WordPress Blocksy Companion Plugin Cross-Site Scripting Vulnerability
WordPress Blocksy Companion Plugin is a plugin designed to enhance the functionality of WordPress themes. WordPress Blocksy Companion Plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which ca...
CVE-2025-9565
The CVE concerns the WordPress Blocksy Companion plugin. All versions up to 2.1.10 are affected via the blocksy_newsletter_subscribe shortcode due to insufficient input sanitization and output escaping, allowing authenticated users with contributor-level access or higher to inject arbitrary scrip...
WordPress Blocksy Companion plugin <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via blocksy_newsletter_subscribe Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via blocksy_newsletter_subscribe Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Blocksy Companion versions <= 2.1.10...
CVE-2024-2392
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Newsletter widget in all versions up to, and including, 2.0.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-4487
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG uploads in versions up to, and including, 2.0.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and...
CVE-2023-1911
The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated user, such as a subscriber, to access draft posts, for example...
WordPress Blocksy Companion Plugin <= 2.0.42 is vulnerable to Server Side Request Forgery (SSRF)
Software: Blocksy Companion; Type: Plugin; Vulnerable versions: <= 2.0.42; Fixed in: 2.0.43; OWASP Top 10: A10: Server-Side Request Forgery (SSRF); Classification: Server Side Request Forgery (SSRF); CVE: CVE-2024-35633; Patch priority: Low; CVSS severity: Low (4.4); Developer: Creative Themes; PSID: 17f8e8024338; Credits...
WordPress Blocksy Companion Plugin <= 2.0.45 is vulnerable to Cross Site Scripting (XSS)
Software: Blocksy Companion; Type: Plugin; Vulnerable versions: <= 2.0.45; Fixed in: 2.0.46; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4487; Patch priority: Low; CVSS severity: Low (6.5); Developer: Creative Themes; PSID: 47cc317dca12; Credits: wesley wcraft Requir...
WordPress Blocksy Companion Plugin <= 1.8.46 is vulnerable to Cross Site Scripting (XSS)
Software: Blocksy Companion; Type: Plugin; Vulnerable versions: <= 1.8.46; Fixed in: 1.8.47; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High (7.1); Developer: Creative Themes; PSID: ec10715e354a; Credits: Rafie Muhammad Patchstack Requir...
WordPress Blocksy Companion Plugin < 1.8.82 is vulnerable to Sensitive Data Exposure
Software: Blocksy Companion; Type: Plugin; Vulnerable versions: < 1.8.82; Fixed in: 1.8.82; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-1911; Patch priority: Medium; CVSS severity: Medium (4.3); Developer: Creative Themes; PSID: a9848e95cc61; Credits: Erwan LR WPScan...
Blocksy Companion < 1.8.82 - Subscriber+ Draft Post Access
The plugin does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated user, such as a subscriber, to access draft posts, for example. Run the below command in the developer console of the web browser while being on the blog as a subscrib...
CVE-2023-23898
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeThemes Blocksy Companion plugin <= 1.8.67 versions...
CVE-2023-23898 WordPress Blocksy Companion Plugin <= 1.8.67 is vulnerable to Cross Site Scripting (XSS)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeThemes Blocksy Companion plugin <= 1.8.67 versions...
WordPress Blocksy Companion Plugin <= 1.8.67 is vulnerable to Cross Site Scripting (XSS)
Software: Blocksy Companion; Type: Plugin; Vulnerable versions: <= 1.8.67; Fixed in: 1.8.68; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23898; Patch priority: Low; CVSS severity: Low (5.5); Developer: Creative Themes; PSID: 25ea86bf944f; Credits: Rafshanzani Suhada...