CVE-2025-12475 | Blocksy Companion Plugin up to 2.1.14 on WordPress Shortcode blocksy_newsletter_subscribe cross site scripting

October 30, 2025 Yanac

A vulnerability, which was classified as problematic, was found in Blocksy Companion Plugin up to 2.1.14 on WordPress. Impacted is the function blocksy_newsletter_subscribe of the component Shortcode Handler. Such manipulation leads to cross site scripting.

This vulnerability is referenced as CVE-2025-12475. It is possible to launch the attack remotely. No exploit is available.VulDB Recent EntriesRead More