Lucene search
K

284 matches found

cve
cve
added 2024/04/15 10:15 a.m.70 views

CVE-2024-31382

CVE-2024-31382: CSRF in Blocksy (Creative Themes HQ Blocksy) affecting Blocksy versions up to and including 2.0.22. Connected sources confirm the issue is CSRF, but no exploit details or confirmed fixed version are provided in the supplied documents. remediation/fix version is not specified in th...

8.8CVSS5.9AI score0.00228EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2024/04/15 12:0 a.m.4 views

WordPress Plugin Blocksy 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

8.8CVSS6.4AI score0.00228EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/04/15 12:0 a.m.7 views

PT-2024-24029 · Creativethemes · Blocksy

Name of the Vulnerable Software and Affected Versions: Blocksy versions 2.0.22 and earlier Description: A Cross-Site Request Forgery CSRF issue affects Creative Themes HQ Blocksy. This issue allows an attacker to perform unintended actions on a user's account. Recommendations: For versions 2.0.22...

8.8CVSS7AI score0.00228EPSS
Exploits0References6
osv
osv
added 2024/04/11 1:15 p.m.3 views

CVE-2024-31932

Cross-Site Request Forgery CSRF vulnerability in CreativeThemes Blocksy Companion.This issue affects Blocksy Companion: from n/a through 2.0.28...

8.8CVSS5.8AI score0.00208EPSS
Exploits0References1
nvd
nvd
added 2024/04/11 1:15 p.m.16 views

CVE-2024-31932

Cross-Site Request Forgery CSRF vulnerability in CreativeThemes Blocksy Companion.This issue affects Blocksy Companion: from n/a through 2.0.28...

8.8CVSS5.5AI score0.00208EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/04/11 12:20 p.m.23 views

CVE-2024-31932 WordPress Blocksy Companion plugin <= 2.0.28 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in CreativeThemes Blocksy Companion.This issue affects Blocksy Companion: from n/a through 2.0.28...

5.4CVSS5.1AI score0.00208EPSS
Exploits0References1
cvelist
cvelist
added 2024/04/11 12:20 p.m.19 views

CVE-2024-31932 WordPress Blocksy Companion plugin <= 2.0.28 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in CreativeThemes Blocksy Companion.This issue affects Blocksy Companion: from n/a through 2.0.28...

5.4CVSS5.7AI score0.00208EPSS
Exploits0References1
cve
cve
added 2024/04/11 12:20 p.m.68 views

CVE-2024-31932

CVE-2024-31932 applies to Blocksy Companion: Cross-Site Request Forgery (CSRF) vulnerability in Blocksy Companion up to version 2.0.28. The issue has a CVSS v3.1 score of 8.8 (High) with network attack vector, no privileges required, user interaction needed, and impacts to confidentiality, integr...

8.8CVSS5.1AI score0.00208EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2024/04/11 12:0 a.m.3 views

WordPress Plugin Blocksy Companion 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress Plugin Blocksy Companion A...

8.8CVSS6.6AI score0.00208EPSS
Exploits0References2
patchstack
patchstack
added 2024/04/10 1:32 p.m.3 views

WordPress Blocksy Companion plugin <= 2.0.28 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by FearZzZz Patchstack Alliance in WordPress Plugin Blocksy Companion versions = 2.0.28...

8.8CVSS7AI score0.00208EPSS
Exploits0Affected Software1
patchstack
patchstack
added 2024/04/10 6:28 a.m.5 views

WordPress Blocksy theme <= 2.0.22 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Blocksy versions = 2.0.22...

8.8CVSS7AI score0.00228EPSS
Exploits0Affected Software1
patchstack
patchstack
added 2024/04/10 12:0 a.m.12 views

WordPress Blocksy Companion Plugin <= 2.0.28 is vulnerable to Cross Site Request Forgery (CSRF)

Software Blocksy Companion Type Plugin Vulnerable versions = 2.0.28 Fixed in 2.0.29 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31932 Patch priority Low CVSS severity Low 5.4 Developer Creative Themes PSID f75fe061addd Credits RE-ALTER Requir...

8.8CVSS6.6AI score0.00208EPSS
Exploits0References2Affected Software1
patchstack
patchstack
added 2024/04/10 12:0 a.m.12 views

WordPress Blocksy Theme <= 2.0.22 is vulnerable to Cross Site Request Forgery (CSRF)

Software Blocksy Type Theme Vulnerable versions = 2.0.22 Fixed in 2.0.23 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31382 Patch priority Low CVSS severity Low 4.3 Developer Creative Themes PSID 9f0c2c96683b Credits Dhabaleshwar Das Required...

8.8CVSS6.7AI score0.00228EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2024/03/22 2:15 a.m.13 views

CVE-2024-2392

The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Newsletter widget in all versions up to, and including, 2.0.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.7AI score0.00346EPSS
Exploits0References2
osv
osv
added 2024/03/22 2:15 a.m.3 views

CVE-2024-2392

The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Newsletter widget in all versions up to, and including, 2.0.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.4CVSS5.9AI score0.00346EPSS
Exploits0References2
cve
cve
added 2024/03/22 1:59 a.m.64 views

CVE-2024-2392

CVE-2024-2392 affects Blocksy Companion for WordPress; versions up to and including 2.0.31 are vulnerable to Stored XSS via the Newsletter widget due to insufficient input sanitization/escaping. Exploitation requires Contributor+ authenticated access; impact is arbitrary script injection in pages...

6.5CVSS7.6AI score0.00346EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2024/03/22 1:59 a.m.11 views

CVE-2024-2392

The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Newsletter widget in all versions up to, and including, 2.0.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.5CVSS5.7AI score0.00346EPSS
Exploits0References2
cvelist
cvelist
added 2024/03/22 1:59 a.m.17 views

CVE-2024-2392 Blocksy Companion <= 2.0.31 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Newsletter widget in all versions up to, and including, 2.0.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.8AI score0.00346EPSS
Exploits0References2
wpvulndb
wpvulndb
added 2024/03/22 12:0 a.m.19 views

Blocksy Companion < 2.0.32 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

6.5CVSS6AI score0.00346EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2024/03/22 12:0 a.m.6 views

WordPress Plugin Blocksy Companion 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL.WordPress plugin i...

6.5CVSS7.7AI score0.00346EPSS
Exploits0References3
Rows per page
Query Builder