CVE-2025-12846 | Blocksy Companion Plugin up to 2.1.19 on WordPress SVG File Parser unrestricted upload

Inserito da Angelo Barbosa | Nov 11, 2025 | CVE

A vulnerability categorized as critical has been discovered in Blocksy Companion Plugin up to 2.1.19 on WordPress. The impacted element is an unknown function of the component SVG File Parser. Executing manipulation can lead to unrestricted upload.

This vulnerability is tracked as CVE-2025-12846. The attack can be launched remotely. No exploit exists.

CVE-2025-12846 | Blocksy Companion Plugin up to 2.1.19 on WordPress SVG File Parser unrestricted upload

Post correlati

CVE-2024-27970 | BogdanFix WP SendFox Plugin up to 1.3.0 on WordPress authorization

CVE-2024-5679 | Schneider Electric EcoStruxure Foxboro DCS Core Control Services up to 9.8 Kernel Memory Foxboro.sys out-of-bounds write (SEVD-2024-191-02)

CVE-2024-4409 | WP-ViperGB Plugin up to 1.6.1 on WordPress cross-site request forgery

CVE-2024-8345 | SourceCodester Music Gallery Site 1.0 Users.php id sql injection