832 matches found
CVE-2026-57624
Unauthenticated Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.46 versions...
CVE-2026-57624
CVE-2026-57624 : Unauthenticated Remote Code Execution in WordPress Blocksy Companion Pro plugin (versions
EUVD-2026-41278
Unauthenticated Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.46 versions...
CVE-2026-57624 WordPress Blocksy Companion Pro plugin <= 2.1.46 - Remote Code Execution (RCE) vulnerability
Unauthenticated Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.46 versions...
Hunk Companion <= 1.8.4 - Arbitrary Plugin Installation
The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to...
Companion Sitemap Generator < 4.5.3 - Cross-Site Scripting
The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2023-1780 info: name: Companion Sitemap Generator < 4.5.3 - Cross-Site Scripting author:...
Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation
The plugin does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary plugins from the WordPress.org repo, including vulnerable plugins that have been closed. id: CVE-2024-11972 info: name: Hunk Companion < 1.9.0 - Unauthenticated Plugi...
WordPress Blocksy Companion plugin <= 2.1.46 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Blocksy Companion versions <= 2.1.46...
CVE-2026-55844 Home Assistant: iOS Companion App ignores internal SSID allowlist for connections – possible leak of access token and sensor data
Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2025.5.0, the iOS companion app ignores the SSID allowlist for internal networks. The app uses SSID to detect when to use the internal URL, but whenever the app cannot find any other URL to ...
CVE-2026-57630
Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Companion Pro <= 2.1.46 versions...
CVE-2026-57315
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.45 versions...
CVE-2026-54832
Unauthenticated Broken Access Control in Gutenverse Companion <= 2.5.0 versions...
CVE-2026-57630
CVE-2026-57630 describes an Unauthenticated Insecure Direct Object References (IDOR) vulnerability in the WordPress plugin Blocksy Companion Pro (versions
EUVD-2026-39746
Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Companion Pro <= 2.1.46 versions...
CVE-2026-57630 WordPress Blocksy Companion Pro plugin <= 2.1.46 - Insecure Direct Object References (IDOR) vulnerability
Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Companion Pro <= 2.1.46 versions...
EUVD-2026-39728
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.45 versions...
CVE-2026-57315 WordPress Blocksy Companion Pro plugin <= 2.1.45 - Remote Code Execution (RCE) vulnerability
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.45 versions...
CVE-2026-57315
CVE-2026-57315 affects the WordPress Blocksy Companion Pro plugin up to version 2.1.45. The connected sources confirm a Remote Code Execution (RCE) vulnerability in this product/version, but do not provide details on root cause, affected files, exploitation steps, or available mitigations. The CV...
EUVD-2026-39676
Unauthenticated Broken Access Control in Gutenverse Companion <= 2.5.0 versions...
CVE-2026-54832 WordPress Gutenverse Companion plugin <= 2.5.0 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Gutenverse Companion <= 2.5.0 versions...