Plugin Vulnerability Hub
Plugin | 6 known issues | Latest disclosed Sep 22, 2025

Cozy Blocks – All-in-One Website Builder with Gutenberg Blocks, 500+ Patterns and 40+ Homepage Templates for Full Site Editing (FSE) Vulnerabilities

Review known vulnerability records for the WordPress plugin Cozy Blocks – All-in-One Website Builder with Gutenberg Blocks, 500+ Patterns and 40+ Homepage Templates for Full Site Editing (FSE) (`cozy-addons`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-59573, CVE-2025-47485 and CVE-2025-30838, so operators can jump from disclosure to patch validation without scanning the full feed first.

Known Records: 6
High or Critical: 0
Patch Coverage: 100%
Last Updated: Sep 26, 2025

Priority CVE Quick Links

Fast paths into Cozy Blocks – All-in-One Website Builder with Gutenberg Blocks, 500+ Patterns and 40+ Homepage Templates for Full Site Editing (FSE) CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs: 6

CVE-2025-59573 | Medium | Patched in 2.1.30
CVE-2025-59573 Cozy Blocks – All-in-One Website Builder with Gutenberg Blocks, 500+ Patterns and 40+ Homepage Templates for Full Site Editing (FSE) Vulnerability

Cozy Blocks <= 2.1.29 - Unauthenticated Arbitrary Shortcode Execution

CVE-2025-30838 | Medium | Patched in 2.1.7
CVE-2025-30838 Cozy Blocks – All-in-One Website Builder with Gutenberg Blocks, 500+ Patterns and 40+ Homepage Templates for Full Site Editing (FSE) Stored Cross-Site Scripting

Cozy Blocks <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-50502 | Medium | Patched in 2.0.19
CVE-2024-50502 Cozy Blocks – All-in-One Website Builder with Gutenberg Blocks, 500+ Patterns and 40+ Homepage Templates for Full Site Editing (FSE) Stored Cross-Site Scripting

Cozy Blocks <= 2.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-50441 | Medium | Patched in 2.0.16
CVE-2024-50441 Cozy Blocks – All-in-One Website Builder with Gutenberg Blocks, 500+ Patterns and 40+ Homepage Templates for Full Site Editing (FSE) Stored Cross-Site Scripting

Cozy Blocks <= 2.0.15 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-47355 | Medium | Patched in 2.0.12
CVE-2024-47355 Cozy Blocks – All-in-One Website Builder with Gutenberg Blocks, 500+ Patterns and 40+ Homepage Templates for Full Site Editing (FSE) Stored Cross-Site Scripting

Cozy Blocks <= 2.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2025-47485 | Medium | Patched in 2.1.23
CVE-2025-47485 Cozy Blocks – All-in-One Website Builder with Gutenberg Blocks, 500+ Patterns and 40+ Homepage Templates for Full Site Editing (FSE) Vulnerability

Cozy Blocks <= 2.1.22 - Missing Authorization

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Cozy Blocks – All-in-One Website Builder with Gutenberg Blocks, 500+ Patterns and 40+ Homepage Templates for Full Site Editing (FSE) so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility: 6 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix: 0 critical and 0 high severity findings.
Recent CVEs: CVE-2025-59573, CVE-2025-47485 and CVE-2025-30838
Reference Workflow: Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Cozy Blocks – All-in-One Website Builder with Gutenberg Blocks, 500+ Patterns and 40+ Homepage Templates for Full Site Editing (FSE)

Sorted by latest disclosure date so newly published issues surface first.

Plugin | Medium | Patched: Yes | CVE-2025-59573
CVE-2025-59573: Cozy Blocks <= 2.1.29 - Unauthenticated Arbitrary Shortcode Execution

The Cozy Blocks – All-in-One Page Builder Blocks for Gutenberg and Full Site Editing (FSE) plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.1.29. This is due to the software allowing users to execute an action that do...

Published: Sep 22, 2025
Patched Release: 2.1.30
Affected Versions: up to 2.1.29
Next Step: Update to 2.1.30 or newer if supported.

Plugin | Medium | Patched: Yes | CVE-2025-47485
CVE-2025-47485: Cozy Blocks <= 2.1.22 - Missing Authorization

The Cozy Blocks – Page Builder for Gutenberg & Site Editor with Post Blocks, WooCommerce Blocks, Magazine Blocks & WordPress Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in all versions...

Published: May 07, 2025
Patched Release: 2.1.23
Affected Versions: up to 2.1.22
Next Step: Update to 2.1.23 or newer if supported.

Plugin | Medium | Patched: Yes | CVE-2025-30838
CVE-2025-30838: Cozy Blocks <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Cozy Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to in...

Published: Mar 27, 2025
Patched Release: 2.1.7
Affected Versions: up to 2.1.6
Next Step: Update to 2.1.7 or newer if supported.

Plugin | Medium | Patched: Yes | CVE-2024-50502
CVE-2024-50502: Cozy Blocks <= 2.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Cozy Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to i...

Published: Oct 25, 2024
Patched Release: 2.0.19
Affected Versions: up to 2.0.18
Next Step: Update to 2.0.19 or newer if supported.

Plugin | Medium | Patched: Yes | CVE-2024-50441
CVE-2024-50441: Cozy Blocks <= 2.0.15 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Cozy Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to i...

Published: Oct 24, 2024
Patched Release: 2.0.16
Affected Versions: up to 2.0.15
Next Step: Update to 2.0.16 or newer if supported.

Plugin | Medium | Patched: Yes | CVE-2024-47355
CVE-2024-47355: Cozy Blocks <= 2.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Cozy Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to i...

Published: Sep 30, 2024
Patched Release: 2.0.12
Affected Versions: up to 2.0.11
Next Step: Update to 2.0.12 or newer if supported.