Blocksy Companion

Creative Themes

Developer

2.1.37

Latest version

300,000

Installations

No date

Last updated

WordPress Plugin

Active VDP

Report vulnerability

Vulnerabilities

Security Policy

Security Contributors

Vulnerability history

0 present

12 patched

5 Mitigation rules

Authenticated (Author+) Arbitrary File Upload via SVG Upload Bypass vulnerability
<= 2.1.19
11/11/2025
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 2.1.14
06/10/2025
Authenticated (Contributor+) Stored Cross-Site Scripting via blocksy_newsletter_subscribe Shortcode vulnerability
<= 2.1.10
16/09/2025
Server Side Request Forgery (SSRF) vulnerability
<= 2.0.42
30/05/2024
Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Uploads vulnerability
<= 2.0.45
13/05/2024
Cross Site Request Forgery (CSRF) vulnerability
<= 2.0.28
10/04/2024
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 2.0.31
21/03/2024
Reflected Cross Site Scripting (XSS) vulnerability
<= 1.8.46
19/07/2023
Subscriber+ Draft Post Access vulnerability
< 1.8.82
17/04/2023
Cross Site Scripting (XSS) vulnerability
<= 1.8.67
27/01/2023
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
< 1.8.20
28/02/2022
Sensitive Information Disclosure vulnerability
< 1.8.20
28/02/2022