Creativethemeshq Blocksy Companion
7 CVEs affecting Creativethemeshq Blocksy Companion. Latest disclosed: 2026-06-19. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-12846 | High | 8.8 | 2025-11-11 | The Blocksy Companion plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 2.1.19. This is due to in… |
CVE-2025-12475 | Medium | 6.4 | 2025-10-30 | The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blocksy_newsletter_subscribe' shortcode in all versio… |
CVE-2025-9565 | Medium | 6.4 | 2025-09-17 | The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocksy_newsletter_subscribe shortcode in all versions… |
CVE-2024-4487 | Medium | 6.4 | 2024-05-14 | The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG uploads in versions up to, and including, 2.0.45 due to insuffi… |
CVE-2024-2392 | Medium | 6.4 | 2024-03-22 | The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Newsletter widget in all versions up to, and including… |
CVE-2022-4974 | Medium | 6.3 | 2024-10-16 | The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to… |
CVE-2026-12430 | Medium | 4.4 | 2026-06-19 | The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.45 due to… |