Lucene search
K
CreativethemesBlocksy Companion

6 matches found

CVE
CVE
added 2023/05/02 7:4 a.m.97 views

CVE-2023-1911

Blocksy Companion (WordPress plugin by Creative Themes) before 1.8.82 contains an authorization flaw: posts accessible via a shortcode are not confirmed public, allowing any authenticated user (e.g., subscribers) to view draft content. This exposes draft posts to users who should not have access....

4.3CVSS4.7AI score0.0055EPSS
Web
CVE
CVE
added 2024/04/11 12:20 p.m.67 views

CVE-2024-31932

CVE-2024-31932 applies to Blocksy Companion: Cross-Site Request Forgery (CSRF) vulnerability in Blocksy Companion up to version 2.0.28. The issue has a CVSS v3.1 score of 8.8 (High) with network attack vector, no privileges required, user interaction needed, and impacts to confidentiality, integr...

8.8CVSS5.1AI score0.00208EPSS
CVE
CVE
added 2024/03/22 1:59 a.m.64 views

CVE-2024-2392

CVE-2024-2392 affects Blocksy Companion for WordPress; versions up to and including 2.0.31 are vulnerable to Stored XSS via the Newsletter widget due to insufficient input sanitization/escaping. Exploitation requires Contributor+ authenticated access; impact is arbitrary script injection in pages...

6.5CVSS7.6AI score0.00346EPSS
CVE
CVE
added 2023/04/06 10:8 a.m.49 views

CVE-2023-23898

CVE-2023-23898 is a stored XSS in the CreativeThemes Blocksy Companion WordPress plugin up to version 1.8.67. The root cause is improper escaping/validation of the class attribute in the blocksy_posts shortcode output, exploitable by users with Contributor+ permissions. Impact is stored XSS; CVSS...

5.5CVSS5.2AI score0.00341EPSS
CVE
CVE
added 2024/06/03 10:4 a.m.45 views

CVE-2024-35633

CVE-2024-35633 is a Server-Side Request Forgery (SSRF) vulnerability in CreativeThemes Blocksy Companion for WordPress, affecting Blocksy Companion versions up to 2.0.42. The affected condition requires Administrator-level access; the issue is exploitable via network-based vectors and impacts con...

4.9CVSS5.9AI score0.00262EPSS
CVE
CVE
added 2024/05/11 7:40 a.m.33 views

CVE-2024-4487

CVE-2024-4487 affects Blocksy Companion for WordPress. The vulnerability is a Stored Cross-Site Scripting via SVG uploads in Blocksy Companion versions up to and including 2.0.45, caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access at contribu...

6.4CVSS5.7AI score0.00429EPSS