Vulnerabilities and security researches forcozy-addons cozy-addons

May 09, 2025

CVE, Research URL: CVE-2025-47485
Home page URL: Security reports for Cozy Blocks – Page Builder Blocks for FSE and Gutenberg Editor, Gutenberg Blocks, WooCommerce Blocks, Post Blocks, Slider
Application: Cozy Blocks – Page Builder Blocks for FSE and Gutenberg Editor, Gutenberg Blocks, WooCommerce Blocks, Post Blocks, Slider
Date: May 07, 2025
Research Description: Missing Authorization vulnerability in CozyThemes Cozy Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cozy Blocks: from n/a through 2.1.22.
Affected versions: Min -, max -.
Status: vulnerable

Apr 02, 2025

CVE, Research URL: CVE-2025-30838
Home page URL: Security reports for Cozy Blocks – Page Builder Blocks for FSE and Gutenberg Editor, Gutenberg Blocks, WooCommerce Blocks, Post Blocks, Slider
Application: Cozy Blocks – Page Builder Blocks for FSE and Gutenberg Editor, Gutenberg Blocks, WooCommerce Blocks, Post Blocks, Slider
Date: Mar 27, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CozyThemes Cozy Blocks allows Stored XSS. This issue affects Cozy Blocks: from n/a through 2.1.6.
Affected versions: Min -, max -.
Status: vulnerable

Oct 28, 2024

CVE, Research URL: CVE-2024-50441
Home page URL: Security reports for Cozy Blocks – Page Builder Blocks for FSE and Gutenberg Editor, Gutenberg Blocks, WooCommerce Blocks, Post Blocks, Slider
Application: Cozy Blocks – Page Builder Blocks for FSE and Gutenberg Editor, Gutenberg Blocks, WooCommerce Blocks, Post Blocks, Slider
Date: -
Research Description: Cozy Blocks – Page Builder for Gutenberg & Site Editor,Post Blocks, WooCommerce Blocks, Magazine Blocks, WordPress Gutenberg Blocks, Patterns and Templates Library [cozy-addons] < 2.0.16 CVE-2024-50441
Affected versions: Min -, max -.
Status: vulnerable

Oct 03, 2024

CVE, Research URL: CVE-2024-47355
Home page URL: Security reports for Cozy Blocks – Page Builder Blocks for FSE and Gutenberg Editor, Gutenberg Blocks, WooCommerce Blocks, Post Blocks, Slider
Application: Cozy Blocks – Page Builder Blocks for FSE and Gutenberg Editor, Gutenberg Blocks, WooCommerce Blocks, Post Blocks, Slider
Date: Oct 06, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CozyThemes Cozy Blocks allows Stored XSS.This issue affects Cozy Blocks: from n/a through 2.0.11.
Affected versions: Min -, max -.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: f86585b6143ce861327fe42480b14d46c273090c
Home page URL: Security reports for Cozy Blocks – Page Builder Blocks for FSE and Gutenberg Editor, Gutenberg Blocks, WooCommerce Blocks, Post Blocks, Slider
Application: Cozy Blocks – Page Builder Blocks for FSE and Gutenberg Editor, Gutenberg Blocks, WooCommerce Blocks, Post Blocks, Slider
Date: Jul 18, 2023
Research Description: Cozy Blocks – Page Builder for Gutenberg & Site Editor,Post Blocks, WooCommerce Blocks, Magazine Blocks, WordPress Gutenberg Blocks, Patterns and Templates Library [cozy-addons] < 1.2.4 WordPress Cozy Addons for Elementor Plugin <= 1.2.3 is vulnerable to Cross Site Scripting (XSS) Update the WordPress Cozy Addons for Elementor plugin to the latest available version (at least 1.2.4). Rafie Muhammad (Patchstack) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Cozy Addons for Elementor Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 1.2.4.
Affected versions: Min -, max -.
Status: vulnerable