Blocksy Companion

Creative Themes

Developer

2.1.23

Latest version

300,000

Installations

No date

Last updated

WordPress Plugin

Active VDP

Report vulnerability

Vulnerabilities

Security Policy

Security Contributors

Vulnerability history

0 present

12 fixed

5 Mitigation rules

Authenticated (Author+) Arbitrary File Upload via SVG Upload Bypass vulnerability
<= 2.1.19
Nov 11, 2025
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 2.1.14
Oct 6, 2025
Authenticated (Contributor+) Stored Cross-Site Scripting via blocksy_newsletter_subscribe Shortcode vulnerability
<= 2.1.10
Sep 16, 2025
Server Side Request Forgery (SSRF) vulnerability
<= 2.0.42
May 30, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Uploads vulnerability
<= 2.0.45
May 13, 2024
Cross Site Request Forgery (CSRF) vulnerability
<= 2.0.28
Apr 10, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 2.0.31
Mar 21, 2024
Reflected Cross Site Scripting (XSS) vulnerability
<= 1.8.46
Jul 19, 2023
Subscriber+ Draft Post Access vulnerability
< 1.8.82
Apr 17, 2023
Cross Site Scripting (XSS) vulnerability
<= 1.8.67
Jan 27, 2023
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
< 1.8.20
Feb 28, 2022
Sensitive Information Disclosure vulnerability
< 1.8.20
Feb 28, 2022