Vulnerabilities > Creativethemes > Blocksy Companion > 2.0.21
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-03 | CVE-2024-35633 | Unspecified vulnerability in Creativethemes Blocksy Companion Server-Side Request Forgery (SSRF) vulnerability in CreativeThemes Blocksy Companion.This issue affects Blocksy Companion: from n/a through 2.0.42. | 4.9 |
| 2024-05-14 | CVE-2024-4487 | Cross-site Scripting vulnerability in Creativethemes Blocksy Companion The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG uploads in versions up to, and including, 2.0.45 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-04-11 | CVE-2024-31932 | Unspecified vulnerability in Creativethemes Blocksy Companion Cross-Site Request Forgery (CSRF) vulnerability in CreativeThemes Blocksy Companion.This issue affects Blocksy Companion: from n/a through 2.0.28. | 8.8 |
| 2024-03-22 | CVE-2024-2392 | Cross-site Scripting vulnerability in Creativethemes Blocksy Companion The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Newsletter widget in all versions up to, and including, 2.0.31 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |