284 matches found
CVE-2024-31382
CVE-2024-31382: CSRF in Blocksy (Creative Themes HQ Blocksy) affecting Blocksy versions up to and including 2.0.22. Connected sources confirm the issue is CSRF, but no exploit details or confirmed fixed version are provided in the supplied documents. remediation/fix version is not specified in th...
WordPress Plugin Blocksy 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
PT-2024-24029 · Creativethemes · Blocksy
Name of the Vulnerable Software and Affected Versions: Blocksy versions 2.0.22 and earlier Description: A Cross-Site Request Forgery CSRF issue affects Creative Themes HQ Blocksy. This issue allows an attacker to perform unintended actions on a user's account. Recommendations: For versions 2.0.22...
CVE-2024-31932
Cross-Site Request Forgery CSRF vulnerability in CreativeThemes Blocksy Companion.This issue affects Blocksy Companion: from n/a through 2.0.28...
CVE-2024-31932
Cross-Site Request Forgery CSRF vulnerability in CreativeThemes Blocksy Companion.This issue affects Blocksy Companion: from n/a through 2.0.28...
CVE-2024-31932 WordPress Blocksy Companion plugin <= 2.0.28 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in CreativeThemes Blocksy Companion.This issue affects Blocksy Companion: from n/a through 2.0.28...
CVE-2024-31932 WordPress Blocksy Companion plugin <= 2.0.28 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in CreativeThemes Blocksy Companion.This issue affects Blocksy Companion: from n/a through 2.0.28...
CVE-2024-31932
CVE-2024-31932 applies to Blocksy Companion: Cross-Site Request Forgery (CSRF) vulnerability in Blocksy Companion up to version 2.0.28. The issue has a CVSS v3.1 score of 8.8 (High) with network attack vector, no privileges required, user interaction needed, and impacts to confidentiality, integr...
WordPress Plugin Blocksy Companion 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress Plugin Blocksy Companion A...
WordPress Blocksy Companion plugin <= 2.0.28 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by FearZzZz Patchstack Alliance in WordPress Plugin Blocksy Companion versions = 2.0.28...
WordPress Blocksy theme <= 2.0.22 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Blocksy versions = 2.0.22...
WordPress Blocksy Companion Plugin <= 2.0.28 is vulnerable to Cross Site Request Forgery (CSRF)
Software Blocksy Companion Type Plugin Vulnerable versions = 2.0.28 Fixed in 2.0.29 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31932 Patch priority Low CVSS severity Low 5.4 Developer Creative Themes PSID f75fe061addd Credits RE-ALTER Requir...
WordPress Blocksy Theme <= 2.0.22 is vulnerable to Cross Site Request Forgery (CSRF)
Software Blocksy Type Theme Vulnerable versions = 2.0.22 Fixed in 2.0.23 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31382 Patch priority Low CVSS severity Low 4.3 Developer Creative Themes PSID 9f0c2c96683b Credits Dhabaleshwar Das Required...
CVE-2024-2392
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Newsletter widget in all versions up to, and including, 2.0.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-2392
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Newsletter widget in all versions up to, and including, 2.0.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-2392
CVE-2024-2392 affects Blocksy Companion for WordPress; versions up to and including 2.0.31 are vulnerable to Stored XSS via the Newsletter widget due to insufficient input sanitization/escaping. Exploitation requires Contributor+ authenticated access; impact is arbitrary script injection in pages...
CVE-2024-2392
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Newsletter widget in all versions up to, and including, 2.0.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-2392 Blocksy Companion <= 2.0.31 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Newsletter widget in all versions up to, and including, 2.0.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Blocksy Companion < 2.0.32 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
WordPress Plugin Blocksy Companion 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL.WordPress plugin i...