Vulnerabilities > Creativethemes

DATE CVE VULNERABILITY TITLE RISK
2024-02-08 CVE-2024-24871 Cross-site Scripting vulnerability in Creativethemes Blocksy
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative Themes Blocksy allows Stored XSS.This issue affects Blocksy: from n/a through 2.0.19.
network
low complexity
creativethemes CWE-79
5.4
2023-05-02 CVE-2023-1911 Unspecified vulnerability in Creativethemes Blocksy Companion
The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscriber to access draft posts for example
network
low complexity
creativethemes
4.3
2023-04-06 CVE-2023-23898 Cross-site Scripting vulnerability in Creativethemes Blocksy Companion
Auth.
network
low complexity
creativethemes CWE-79
5.4