11 matches found
CVE-2025-14904
CVE-2025-14904 affects Newsletter Email Subscribe (WordPress plugin). The WordPress plugin versions up to 2.4 are vulnerable to Cross-Site Request Forgery due to incorrect nonce validation in the nels_settings_page function, enabling unauthenticated attackers to update plugin settings via forged ...
CVE-2025-12475
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blocksy_newsletter_subscribe' shortcode in all versions up to, and including, 2.1.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
EUVD-2025-36897
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blocksy_newsletter_subscribe' shortcode in all versions up to, and including, 2.1.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
CVE-2025-12475
The CVE-2025-12475 entry refers to the WordPress Blocksy Companion plugin. A stored Cross-Site Scripting vulnerability exists in all versions up to and including 2.1.14 via the blocksy_newsletter_subscribe shortcode, caused by insufficient input sanitization and output escaping on user-supplied a...
CVE-2025-12475 Blocksy Companion <= 2.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blocksy_newsletter_subscribe' shortcode in all versions up to, and including, 2.1.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
CVE-2025-12475 Blocksy Companion <= 2.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blocksy_newsletter_subscribe' shortcode in all versions up to, and including, 2.1.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
CVE-2025-9565
The CVE concerns the WordPress Blocksy Companion plugin. All versions up to 2.1.10 are affected via the blocksy_newsletter_subscribe shortcode due to insufficient input sanitization and output escaping, allowing authenticated users with contributor-level access or higher to inject arbitrary scrip...
CVE-2025-9565 Blocksy Companion <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via blocksy_newsletter_subscribe Shortcode
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocksy_newsletter_subscribe shortcode in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
findsavings.com XSS vulnerability
Open Bug Bounty ID: OBB-656658

Description| Value
---|---
Affected Website:| findsavings.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...
cameranu.nl XSS vulnerability
Open Bug Bounty ID: OBB-574745

Description| Value
---|---
Affected Website:| cameranu.nl
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...
gordonsguide.com XSS vulnerability
Open Bug Bounty ID: OBB-562930

Description| Value
---|---
Affected Website:| gordonsguide.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...