VYPR

C9 Blocks

by WordPress

CVEs (2)

  • CVE-2025-26951MedApr 15, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in covertnine C9 Blocks c9-blocks allows DOM-Based XSS.This issue affects C9 Blocks: from n/a through <= 1.7.7.

  • CVE-2024-13537MedFeb 21, 2025
    risk 0.34cvss 5.3epss 0.00

    The C9 Blocks plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.7.7. This is due the plugin containing a publicly accessible composer-setup.php file with error display enabled. This makes it possible for unauthenticated attackers…