Lucene search
K

124 matches found

NVD
NVD
added 4 hours ago6 views

CVE-2026-58480

Blocksy Companion Pro plugin for WordPress before 2.1.47 contains an unauthenticated arbitrary file upload vulnerability that allows attackers to upload executable files by bypassing extension validation in the saveattachments function exposed through the Advanced Reviews feature. Attackers can...

9.8CVSS
Exploits0References4
CVE
CVE
added 5 hours ago4 views

CVE-2026-58480

Blocksy Companion Pro

9.8CVSS6.4AI score
Exploits0References4
EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-42233

Blocksy Companion Pro plugin for WordPress before 2.1.47 contains an unauthenticated arbitrary file upload vulnerability that allows attackers to upload executable files by bypassing extension validation in the saveattachments function exposed through the Advanced Reviews feature. Attackers can...

9.8CVSS6.4AI score
Exploits0References4
NVD
NVD
added 6 days ago7 views

CVE-2026-57624

Unauthenticated Remote Code Execution RCE in Blocksy Companion Pro = 2.1.46 versions...

10CVSS0.00697EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago38 views

CVE-2026-57624 WordPress Blocksy Companion Pro plugin <= 2.1.46 - Remote Code Execution (RCE) vulnerability

Unauthenticated Remote Code Execution RCE in Blocksy Companion Pro = 2.1.46 versions...

10CVSS0.00697EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-41278

Unauthenticated Remote Code Execution RCE in Blocksy Companion Pro = 2.1.46 versions...

10CVSS5.9AI score0.00697EPSS
Exploits0References1
CVE
CVE
added 6 days ago19 views

CVE-2026-57624

CVE-2026-57624 : Unauthenticated Remote Code Execution in WordPress Blocksy Companion Pro plugin (versions

10CVSS5.9AI score0.00697EPSS
In wildExploits0References1
Patchstack
Patchstack
added 6 days ago8 views

WordPress Blocksy Companion plugin <= 2.1.46 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Blocksy Companion versions = 2.1.46...

5.8AI score
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/26 3:16 p.m.8 views

CVE-2026-57630

Unauthenticated Insecure Direct Object References IDOR in Blocksy Companion Pro = 2.1.46 versions...

5.3CVSS0.00228EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-57315

Contributor Remote Code Execution RCE in Blocksy Companion Pro = 2.1.45 versions...

8.5CVSS0.00351EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:53 p.m.21 views

CVE-2026-57630

CVE-2026-57630 describes an Unauthenticated Insecure Direct Object References (IDOR) vulnerability in the WordPress plugin Blocksy Companion Pro (versions

5.3CVSS5.8AI score0.00228EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.43 views

CVE-2026-57630 WordPress Blocksy Companion Pro plugin <= 2.1.46 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in Blocksy Companion Pro = 2.1.46 versions...

5.3CVSS0.00228EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:53 p.m.5 views

EUVD-2026-39746

Unauthenticated Insecure Direct Object References IDOR in Blocksy Companion Pro = 2.1.46 versions...

5.3CVSS5.8AI score0.00228EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.19 views

CVE-2026-57315

CVE-2026-57315 affects the WordPress Blocksy Companion Pro plugin up to version 2.1.45. The connected sources confirm a Remote Code Execution (RCE) vulnerability in this product/version, but do not provide details on root cause, affected files, exploitation steps, or available mitigations. The CV...

8.5CVSS5.9AI score0.00351EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.30 views

CVE-2026-57315 WordPress Blocksy Companion Pro plugin <= 2.1.45 - Remote Code Execution (RCE) vulnerability

Contributor Remote Code Execution RCE in Blocksy Companion Pro = 2.1.45 versions...

8.5CVSS0.00351EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.5 views

EUVD-2026-39728

Contributor Remote Code Execution RCE in Blocksy Companion Pro = 2.1.45 versions...

8.5CVSS5.9AI score0.00351EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/26 12:20 p.m.8 views

WordPress Blocksy Companion Pro plugin <= 2.1.46 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Austin Ginder in WordPress Plugin Blocksy Companion Pro versions = 2.1.46...

5.3CVSS5.8AI score0.00228EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/19 6:17 a.m.12 views

CVE-2026-12430

The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and...

4.4CVSS0.00208EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/19 4:31 a.m.29 views

CVE-2026-12430 Blocksy Companion <= 2.1.45 - Authenticated (Editor+) Stored Cross-Site Scripting via 'product_description' Parameter

The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and...

4.4CVSS0.00208EPSS
Exploits0References8
CVE
CVE
added 2026/06/19 4:31 a.m.18 views

CVE-2026-12430

The CVE-2026-12430 entry concerns the Blocksy Companion WordPress plugin (

4.4CVSS5.9AI score0.00208EPSS
Exploits0References8
Rows per page
Query Builder