CVE-2025-9565
Published
CVSS v3: 6.4 (MEDIUM)
CVSS v2: N/A
Affected: 1 project
Description
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocksy_newsletter_subscribe shortcode in all versions up to, and including, 2.1.10, due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers with contributor-level access and above to inject arbitrary web scripts into pages; the scripts execute whenever a user accesses an injected page.
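An added example (not from the advisory or the plugin's code): a Python audit helper that checks an installed version against the affected range stated above and flags blocksy_newsletter_subscribe shortcodes whose attribute values contain markup or script-like content. The attribute names, the sample posts and the simplified shortcode grammar are assumptions, and each finding is a candidate for manual review rather than proof of injection.

```python
import re

SHORTCODE = "blocksy_newsletter_subscribe"  # shortcode named in the advisory
LAST_AFFECTED = (2, 1, 10)                  # "up to, and including, 2.1.10"

# Simplified shortcode grammar (assumption): [tag a="v" b='v' c=v]
TAG_RE = re.compile(r"\[" + SHORTCODE + r"\b([^\]]*)\]")
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"']+))""")
# Characters and patterns that do not belong in a plain-text attribute value
SUSPICIOUS_RE = re.compile(r"""[<>"'`]|\bon\w+\s*=|javascript:""", re.I)


def is_affected_version(version):
    """True if the plugin version string is 2.1.10 or lower."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    return tuple(nums + [0] * (3 - len(nums))) <= LAST_AFFECTED


def audit_post(content):
    """Return (attribute, value) pairs worth a manual look in one post body."""
    findings = []
    for tag in TAG_RE.finditer(content):
        for m in ATTR_RE.finditer(tag.group(1)):
            value = next(g for g in m.groups()[1:] if g is not None)
            if SUSPICIOUS_RE.search(value):
                findings.append((m.group(1), value))
    return findings


# Constructed sample posts; the attribute names are hypothetical.
SAMPLE_POSTS = {
    101: '[blocksy_newsletter_subscribe title="Weekly news" button_text="Sign up"]',
    102: "Intro [blocksy_newsletter_subscribe title='Join \"us\" <b>now</b>'] end",
}

if __name__ == "__main__":
    print("2.1.10 affected:", is_affected_version("2.1.10"))
    for post_id, body in SAMPLE_POSTS.items():
        for name, value in audit_post(body):
            print(f"post {post_id}: review attribute {name!r} = {value!r}")
```

Feed `audit_post` the `post_content` of posts and pages, prioritising those last edited by contributor-level accounts, since that is the lowest privilege the description says is needed.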
<p>Blocksy Companion is the official plugin that extends the power of the <a href="https://wordpress.org/themes/blocksy/" rel="ugc">Blocksy WordPress theme</a>. It unlocks extra features, premium integrations, and beautifully designed starter sites that help you build fast, modern, and fully customizable websites with ease.</p>
<p>With Blocksy Companion, you get access to a growing library of starter sites, advanced WooCommerce enhancements, and exclusive extensions that take your website to the next level. Whether you’re creating a personal blog, a business website, or a professional online store, this plugin provides the tools you need to design stunning layouts and improve your workflow.</p>
<p>Built for performance and flexibility, Blocksy Companion integrates seamlessly with popular WordPress plugins like WooCommerce, Elementor, Brizy, Beaver Builder, WPML and ACF. It gives you powerful customization options, dynamic features, and optimized code — all without slowing down your site.</p>
<h4>Key features:</h4>
<ul>
<li><strong>Starter Sites Library</strong> – import professionally designed demo sites with one click and kickstart your project.</li>
<li><strong>Extra Extensions</strong> – unlock advanced features such as Cookies Consent, Custom Code Snippets, Trending Posts, and more.</li>
<li><strong>WooCommerce Enhancements</strong> – boost your online store with additional customization options and modern layouts.</li>
<li><strong>Page Builder Ready</strong> – works perfectly with Elementor, Brizy, Beaver Builder, and other popular WordPress page builders.</li>
<li><strong>Advanced Integrations</strong> – seamless compatibility with Mailchimp, Rank Math, WPML, and other top WordPress plugins.</li>
<li><strong>Performance Focused</strong> – lightweight, fast, and optimized for speed to ensure a smooth user experience.</li>
<li><strong>Developer Friendly</strong> – clean, extendable codebase that makes customization and scaling easy.</li>
</ul>
<h4>Minimum Requirements</h4>
<ul>
<li>WordPress 5.0 or greater</li>
<li>PHP version 7.0 or greater</li>
</ul>