284 matches found
CVE-2025-12846
The Blocksy Companion plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 2.1.19. This is due to insufficient file type validation detecting SVG files, allowing double extension files to bypass sanitization while being accepted as a vali...
EUVD-2025-84359
The Blocksy Companion plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 2.1.19. This is due to insufficient file type validation detecting SVG files, allowing double extension files to bypass sanitization while being accepted as a vali...
CVE-2025-12846
The Blocksy Companion plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 2.1.19. This is due to insufficient file type validation detecting SVG files, allowing double extension files to bypass sanitization while being accepted as a vali...
CVE-2025-12846 Blocksy Companion <= 2.1.19 - Authenticated (Author+) Arbitrary File Upload via SVG Upload Bypass
The Blocksy Companion plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 2.1.19. This is due to insufficient file type validation detecting SVG files, allowing double extension files to bypass sanitization while being accepted as a vali...
CVE-2025-12846
CVE-2025-12846 affects Blocksy Companion for WordPress (versions
CVE-2025-12846 Blocksy Companion <= 2.1.19 - Authenticated (Author+) Arbitrary File Upload via SVG Upload Bypass
The Blocksy Companion plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 2.1.19. This is due to insufficient file type validation detecting SVG files, allowing double extension files to bypass sanitization while being accepted as a vali...
WordPress Blocksy Companion plugin <= 2.1.19 - Authenticated (Author+) Arbitrary File Upload via SVG Upload Bypass vulnerability
Authenticated Author+ Arbitrary File Upload via SVG Upload Bypass vulnerability discovered by shark3y in WordPress Plugin Blocksy Companion versions = 2.1.19...
PT-2025-46324
Name of the Vulnerable Software and Affected Versions Blocksy Companion plugin for WordPress versions up to and including 2.1.19 Description The Blocksy Companion plugin for WordPress is susceptible to authenticated arbitrary file upload due to insufficient file type validation. Specifically, the...
WordPress plugin Blocksy Companion 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...
WordPress Blocksy Companion Plugin Cross-Site Scripting Vulnerability
WordPress Blocksy Companion Plugin is an official plugin designed for WordPress theme Blocksy to enhance the theme functionality with advanced customization options and integration tools. WordPress Blocksy Companion Plugin suffers from a cross-site scripting vulnerability that stems from the...
CVE-2025-12475
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blocksynewslettersubscribe' shortcode in all versions up to, and including, 2.1.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
CVE-2025-12475
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blocksynewslettersubscribe' shortcode in all versions up to, and including, 2.1.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
CVE-2025-12475 Blocksy Companion <= 2.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blocksynewslettersubscribe' shortcode in all versions up to, and including, 2.1.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
CVE-2025-12475 Blocksy Companion <= 2.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blocksynewslettersubscribe' shortcode in all versions up to, and including, 2.1.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
EUVD-2025-36897
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blocksynewslettersubscribe' shortcode in all versions up to, and including, 2.1.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
CVE-2025-12475
The CVE-2025-12475 entry refers to the WordPress Blocksy Companion plugin. A stored Cross-Site Scripting vulnerability exists in all versions up to and including 2.1.14 via the blocksy_newsletter_subscribe shortcode, caused by insufficient input sanitization and output escaping on user-supplied a...
PT-2025-44370
Name of the Vulnerable Software and Affected Versions Blocksy Companion plugin for WordPress versions up to and including 2.1.14 Description The Blocksy Companion plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'blocksy newsletter subscribe' shortcode. This is due t...
WordPress plugin Blocksy Companion 跨站脚本漏洞
WordPress Blocksy Companion Plugin is an official plugin designed for WordPress theme Blocksy to enhance the theme functionality with advanced customization options and integration tools. WordPress Blocksy Companion Plugin suffers from a cross-site scripting vulnerability that stems from the...
WordPress Blocksy Companion plugin <= 2.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Blocksy Companion versions = 2.1.14...
EUVD-2025-29692
Malicious code in bioql PyPI...