3 matches found
CVE-2024-4487
creationtimestamp| type| source ---|---|--- 2025-01-28 03:16:38+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/3204...
WordPress Blocksy Companion Plugin <= 2.0.45 is vulnerable to Cross Site Scripting (XSS)
Software Blocksy Companion Type Plugin Vulnerable versions = 2.0.45 Fixed in 2.0.46 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4487 Patch priority Low CVSS severity Low 6.5 Developer Creative Themes PSID 47cc317dca12 Credits wesley wcraft Requir...
CVE-2024-4487 Blocksy Companion <= 2.0.45 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Uploads
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG uploads in versions up to, and including, 2.0.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and...