Lucene search
K

133 matches found

NVD
NVD
added yesterday7 views

CVE-2026-15158

The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.1.46 via the saveattachments function. This is due to the Custom Fonts extension registering a wpcheckfiletypeandext filter that approves any filename containing .woff2 or .tt...

9.8CVSS0.00995EPSS
Exploits0References3
EUVD
EUVD
added yesterday5 views

EUVD-2026-42549

The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.1.46 via the saveattachments function. This is due to the Custom Fonts extension registering a wpcheckfiletypeandext filter that approves any filename containing .woff2 or .tt...

9.8CVSS6.6AI score0.00995EPSS
Exploits0References3
CVE
CVE
added yesterday9 views

CVE-2026-15158

Blocksy Companion

9.8CVSS6.6AI score0.00995EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-15158

The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.1.46 via the saveattachments function. This is due to the Custom Fonts extension registering a wpcheckfiletypeandext filter that approves any filename containing .woff2 or .tt...

9.8CVSS6.6AI score0.00995EPSS
Exploits0References4
Cvelist
Cvelist
added yesterday12 views

CVE-2026-15158 Blocksy Companion <= 2.1.46 - Unauthenticated Arbitrary File Upload via 'blc-review-images[]' Parameter

The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.1.46 via the saveattachments function. This is due to the Custom Fonts extension registering a wpcheckfiletypeandext filter that approves any filename containing .woff2 or .tt...

9.8CVSS0.00995EPSS
Exploits0References3
NVD
NVD
added 2 days ago8 views

CVE-2026-58480

Blocksy Companion Pro plugin for WordPress before 2.1.47 contains an unauthenticated arbitrary file upload vulnerability that allows attackers to upload executable files by bypassing extension validation in the saveattachments function exposed through the Advanced Reviews feature. Attackers can...

9.8CVSS0.00605EPSS
Exploits0References4
CVE
CVE
added 2 days ago10 views

CVE-2026-58480

Blocksy Companion Pro

9.8CVSS6.4AI score0.00605EPSS
Exploits0References4
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-42233

Blocksy Companion Pro plugin for WordPress before 2.1.47 contains an unauthenticated arbitrary file upload vulnerability that allows attackers to upload executable files by bypassing extension validation in the saveattachments function exposed through the Advanced Reviews feature. Attackers can...

9.8CVSS6.4AI score0.00605EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2 days ago9 views

PT-2026-56414

Name of the Vulnerable Software and Affected Versions Blocksy Companion Pro plugin for WordPress versions prior to 2.1.47 Description An unauthenticated arbitrary file upload issue exists within the Advanced Reviews feature. The save attachments function fails to properly validate file extensions...

9.8CVSS6.3AI score0.00605EPSS
Exploits0References7
NVD
NVD
added 2026/07/02 12:17 p.m.8 views

CVE-2026-57624

Unauthenticated Remote Code Execution RCE in Blocksy Companion Pro = 2.1.46 versions...

10CVSS0.00697EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:15 a.m.23 views

CVE-2026-57624

CVE-2026-57624 : Unauthenticated Remote Code Execution in WordPress Blocksy Companion Pro plugin (versions

10CVSS5.9AI score0.00697EPSS
In wildExploits0References1
EUVD
EUVD
added 2026/07/02 11:15 a.m.8 views

EUVD-2026-41278

Unauthenticated Remote Code Execution RCE in Blocksy Companion Pro = 2.1.46 versions...

10CVSS5.9AI score0.00697EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.40 views

CVE-2026-57624 WordPress Blocksy Companion Pro plugin <= 2.1.46 - Remote Code Execution (RCE) vulnerability

Unauthenticated Remote Code Execution RCE in Blocksy Companion Pro = 2.1.46 versions...

10CVSS0.00697EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/02 7:0 a.m.9 views

WordPress Blocksy Companion plugin <= 2.1.46 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Blocksy Companion versions = 2.1.46...

5.8AI score
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.10 views

PT-2026-55010

Name of the Vulnerable Software and Affected Versions Blocksy Companion Pro versions prior to 2.1.47 Description An unauthenticated remote code execution flaw allows an attacker to execute arbitrary code on the site without requiring login credentials. Recommendations Update to a version newer th...

10CVSS6.8AI score0.00697EPSS
Exploits0References5
NVD
NVD
added 2026/06/26 3:16 p.m.8 views

CVE-2026-57630

Unauthenticated Insecure Direct Object References IDOR in Blocksy Companion Pro = 2.1.46 versions...

5.3CVSS0.00228EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-57315

Contributor Remote Code Execution RCE in Blocksy Companion Pro = 2.1.45 versions...

8.5CVSS0.00351EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:53 p.m.21 views

CVE-2026-57630

CVE-2026-57630 describes an Unauthenticated Insecure Direct Object References (IDOR) vulnerability in the WordPress plugin Blocksy Companion Pro (versions

5.3CVSS5.8AI score0.00228EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:53 p.m.5 views

EUVD-2026-39746

Unauthenticated Insecure Direct Object References IDOR in Blocksy Companion Pro = 2.1.46 versions...

5.3CVSS5.8AI score0.00228EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.46 views

CVE-2026-57630 WordPress Blocksy Companion Pro plugin <= 2.1.46 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in Blocksy Companion Pro = 2.1.46 versions...

5.3CVSS0.00228EPSS
Exploits0References1
Rows per page
Query Builder