2 matches found
CVE-2024-2392
CVE-2024-2392 affects Blocksy Companion for WordPress; versions up to and including 2.0.31 are vulnerable to Stored XSS via the Newsletter widget due to insufficient input sanitization/escaping. Exploitation requires Contributor+ authenticated access; impact is arbitrary script injection in pages...
WordPress Blocksy Companion Plugin <= 2.0.31 is vulnerable to Cross Site Scripting (XSS)
Software Blocksy Companion Type Plugin Vulnerable versions = 2.0.31 Fixed in 2.0.32 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2392 Patch priority Low CVSS severity Low 6.5 Developer Creative Themes PSID bbd31df0e8be Credits Ngô Thiên An ancorn...