Vulnerabilities > Creativethemes
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-11 | CVE-2024-31932 | Unspecified vulnerability in Creativethemes Blocksy Companion Cross-Site Request Forgery (CSRF) vulnerability in CreativeThemes Blocksy Companion.This issue affects Blocksy Companion: from n/a through 2.0.28. | 8.8 |
| 2024-03-22 | CVE-2024-2392 | Cross-site Scripting vulnerability in Creativethemes Blocksy Companion The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Newsletter widget in all versions up to, and including, 2.0.31 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-03-09 | CVE-2024-1767 | Cross-site Scripting vulnerability in Creativethemes Blocksy The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 2.0.26 due to insufficient input sanitization and output escaping on user supplied attributes like 'className' and 'radius'. | 5.4 |
| 2024-02-08 | CVE-2024-24871 | Unspecified vulnerability in Creativethemes Blocksy Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative Themes Blocksy allows Stored XSS.This issue affects Blocksy: from n/a through 2.0.19. | 5.4 |
| 2023-05-02 | CVE-2023-1911 | Unspecified vulnerability in Creativethemes Blocksy Companion The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscriber to access draft posts for example | 4.3 |
| 2023-04-06 | CVE-2023-23898 | Unspecified vulnerability in Creativethemes Blocksy Companion Auth. | 5.4 |