As far as I know, blockchain.com fixed that vulnirability and patched it. The issue is that they refused to pay the bug bounty to the person who discovered it. It was
BayAreaCoinsYou can read the full story from here:
https://bitcointalk.org/index.php?topic=5193539.0Web wallets are the worst (be it blockchain.com or any other service) and no one should use them.
I did not know this story and the reputation of Blockchain.com is destroyed by their refusal to pay bug bounty for @BayAreaCoins.
I used Blockchain.com wallet as my first bitcoin wallet but later I did not use it. I don't want to get issue to sync my account and confirm the legitimacy of my log in on different devices.
Immediately after I knew of Electrum wallet, I used it and forget about Blockchain.com wallet. It is inconvenient for me to have access to my email just to log in my blockchain wallet on the same device. I don't want to put them all on one device. This feature is not good, for me. That story keeps me staying farther from that wallet.