4 matches found
CVE-2023-23898
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in CreativeThemes Blocksy Companion plugin = 1.8.67 versions...
CVE-2023-23898
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in CreativeThemes Blocksy Companion plugin = 1.8.67 versions...
CVE-2023-23898 WordPress Blocksy Companion Plugin <= 1.8.67 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in CreativeThemes Blocksy Companion plugin = 1.8.67 versions...
CVE-2023-23898
CVE-2023-23898 is a stored XSS in the CreativeThemes Blocksy Companion WordPress plugin up to version 1.8.67. The root cause is improper escaping/validation of the class attribute in the blocksy_posts shortcode output, exploitable by users with Contributor+ permissions. Impact is stored XSS; CVSS...