114 matches found
CVE-2026-57630
Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Companion Pro <= 2.1.46 versions...
CVE-2026-57315
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.45 versions...
CVE-2026-57630
CVE-2026-57630 describes an Unauthenticated Insecure Direct Object References (IDOR) vulnerability in the WordPress plugin Blocksy Companion Pro (versions
EUVD-2026-39746
Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Companion Pro <= 2.1.46 versions...
CVE-2026-57315
CVE-2026-57315 affects the WordPress Blocksy Companion Pro plugin up to version 2.1.45. The connected sources confirm a Remote Code Execution (RCE) vulnerability in this product/version, but do not provide details on root cause, affected files, exploitation steps, or available mitigations. The CV...
EUVD-2026-39728
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.45 versions...
WordPress Blocksy Companion Pro plugin <= 2.1.46 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Austin Ginder in WordPress Plugin Blocksy Companion Pro versions <= 2.1.46...
CVE-2026-12430
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and...
CVE-2026-12430 Blocksy Companion <= 2.1.45 - Authenticated (Editor+) Stored Cross-Site Scripting via 'product_description' Parameter
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and...
CVE-2026-12430
The CVE-2026-12430 entry concerns the Blocksy Companion WordPress plugin (
EUVD-2026-37989
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and...
PT-2026-50838
Name of the Vulnerable Software and Affected Versions Blocksy Companion versions prior to 2.1.46 Description The Blocksy Companion plugin for WordPress contains a Stored Cross-Site Scripting issue within the admin settings caused by insufficient input sanitization and output escaping. This allows...
WordPress Blocksy Companion plugin <= 2.1.45 - Authenticated (Editor+) Stored Cross-Site Scripting vulnerability
Authenticated (Editor+) Stored Cross-Site Scripting vulnerability discovered by Pasindu Dilshan K4PXD - HACK KAP PVT LTD in WordPress Plugin Blocksy Companion versions <= 2.1.45...
EUVD-2026-37605
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions...
EUVD-2026-37589
Unauthenticated SQL Injection in Blocksy Companion Pro 2.1.29 versions...
CVE-2026-40783
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions...
CVE-2026-39596
Unauthenticated SQL Injection in Blocksy Companion Pro 2.1.29 versions...
CVE-2026-40783
The CVE concerns WordPress Blocksy Companion Pro plugin, affected at versions
CVE-2026-40783 WordPress Blocksy Companion Pro plugin <= 2.1.37 - Remote Code Execution (RCE) vulnerability
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions...
CVE-2026-39596
The CVE covers WordPress Blocksy Companion Pro plugin, vulnerable in versions