Creativethemes Blocksy_companion
6 CVEs affecting Creativethemes Blocksy_companion. Latest disclosed: 2024-06-03. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-4487 | Medium | 6.4 | 2024-05-14 | The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG uploads in versions up to, and including, 2.0.45 due to insuffi… |
CVE-2024-2392 | Medium | 6.4 | 2024-03-22 | The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Newsletter widget in all versions up to, and including… |
CVE-2023-23898 | Medium | 5.5 | 2023-04-06 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeThemes Blocksy Companion plugin <= 1.8.67 versions. |
CVE-2024-31932 | Medium | 5.4 | 2024-04-11 | Cross-Site Request Forgery (CSRF) vulnerability in CreativeThemes Blocksy Companion.This issue affects Blocksy Companion: from n/a through 2.0.28. |
CVE-2024-35633 | Medium | 4.4 | 2024-06-03 | Server-Side Request Forgery (SSRF) vulnerability in Creative Themes Blocksy Companion blocksy-companion.This issue affects Blocksy Companion: from n/a through… |
CVE-2023-1911 | Medium | 4.3 | 2023-05-02 | The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing a… |