Lucene search
+L

853 matches found

Nuclei
Nuclei
added 7 hours ago38 views

Hunk Companion <= 1.8.4 - Arbitrary Plugin Installation

The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to...

9.8CVSS7.6AI score0.09137EPSS
Exploits2References5
Nuclei
Nuclei
added 7 hours ago141 views

Companion Sitemap Generator < 4.5.3 - Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2023-1780 info: name: Companion Sitemap Generator 4.5.3 - Cross-Site Scripting author:...

6.1CVSS6.7AI score0.00998EPSS
Exploits2References2
Nuclei
Nuclei
added 7 hours ago25 views

Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation

The plugin does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary plugins from the WordPress.org repo, including vulnerable plugins that have been closed. id: CVE-2024-11972 info: name: Hunk Companion 1.9.0 - Unauthenticated Plugi...

9.8CVSS7.2AI score0.54754EPSS
Exploits5References4
NVD
NVD
added 2026/07/09 10:16 a.m.17 views

CVE-2026-15158

The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.1.46 via the saveattachments function. This is due to the Custom Fonts extension registering a wpcheckfiletypeandext filter that approves any filename containing .woff2 or .tt...

9.8CVSS0.00995EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/09 8:31 a.m.7 views

EUVD-2026-42549

The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.1.46 via the saveattachments function. This is due to the Custom Fonts extension registering a wpcheckfiletypeandext filter that approves any filename containing .woff2 or .tt...

9.8CVSS6.6AI score0.00995EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/09 8:31 a.m.32 views

CVE-2026-15158 Blocksy Companion <= 2.1.46 - Unauthenticated Arbitrary File Upload via 'blc-review-images[]' Parameter

The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.1.46 via the saveattachments function. This is due to the Custom Fonts extension registering a wpcheckfiletypeandext filter that approves any filename containing .woff2 or .tt...

9.8CVSS0.00995EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/09 8:31 a.m.8 views

CVE-2026-15158

The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.1.46 via the saveattachments function. This is due to the Custom Fonts extension registering a wpcheckfiletypeandext filter that approves any filename containing .woff2 or .tt...

9.8CVSS6.6AI score0.00995EPSS
Exploits0References4
CVE
CVE
added 2026/07/09 8:31 a.m.20 views

CVE-2026-15158

Blocksy Companion

9.8CVSS6.6AI score0.00995EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.8 views

PT-2026-56760

Name of the Vulnerable Software and Affected Versions Blocksy Companion versions prior to 2.1.47 Description The Blocksy Companion plugin for WordPress allows unauthenticated arbitrary file upload through the save attachments function. The issue occurs because the Custom Fonts extension uses a wp...

9.8CVSS6.3AI score0.00995EPSS
Exploits0References8
NVD
NVD
added 2026/07/08 2:17 p.m.12 views

CVE-2026-58480

Blocksy Companion Pro plugin for WordPress before 2.1.47 contains an unauthenticated arbitrary file upload vulnerability that allows attackers to upload executable files by bypassing extension validation in the saveattachments function exposed through the Advanced Reviews feature. Attackers can...

9.8CVSS0.00605EPSS
Exploits0References4
CVE
CVE
added 2026/07/08 1:5 p.m.14 views

CVE-2026-58480

Blocksy Companion Pro

9.8CVSS6.4AI score0.00605EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/08 1:5 p.m.5 views

EUVD-2026-42233

Blocksy Companion Pro plugin for WordPress before 2.1.47 contains an unauthenticated arbitrary file upload vulnerability that allows attackers to upload executable files by bypassing extension validation in the saveattachments function exposed through the Advanced Reviews feature. Attackers can...

9.8CVSS6.4AI score0.00605EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/08 1:5 p.m.33 views

CVE-2026-58480 Blocksy Companion Pro < 2.1.47 Unauthenticated File Upload via save_attachments

Blocksy Companion Pro plugin for WordPress before 2.1.47 contains an unauthenticated arbitrary file upload vulnerability that allows attackers to upload executable files by bypassing extension validation in the saveattachments function exposed through the Advanced Reviews feature. Attackers can...

9.8CVSS0.00605EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/08 12:0 a.m.30 views

CVE-2026-36028

A protection mechanism failure in the Code 27 Companion Hub allows an attacker with physical access to completely bypass kiosk restrictions via a factory reset...

0.00237EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/08 12:0 a.m.32 views

CVE-2026-36027

An issue in Code27 Companion Hub SQ3A.220705.003.A1 allows a physically proximate attacker to execute arbitrary code via the USB debugging ADB and Android Debug Bridge components...

0.00331EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.6 views

PT-2026-56535

Name of the Vulnerable Software and Affected Versions Code 27 Companion Hub affected versions not specified Description A protection mechanism failure allows an attacker with physical access to completely bypass kiosk restrictions by performing a factory reset. Recommendations At the moment, ther...

6.8CVSS6.1AI score0.00237EPSS
Exploits0References6
CVE
CVE
added 2026/07/08 12:0 a.m.6 views

CVE-2026-36028

Technical details are not publicly available in the provided documents. Monitor for updates as no specific affected components, versions, or remediation are disclosed here.

6.8CVSS6AI score0.00237EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.9 views

PT-2026-56414

Name of the Vulnerable Software and Affected Versions Blocksy Companion Pro plugin for WordPress versions prior to 2.1.47 Description An unauthenticated arbitrary file upload issue exists within the Advanced Reviews feature. The save attachments function fails to properly validate file extensions...

9.8CVSS6.3AI score0.00605EPSS
Exploits0References7
CVE
CVE
added 2026/07/08 12:0 a.m.13 views

CVE-2026-36027

CVE-2026-36027 concerns Code27 Companion Hub SQ3A.220705.003.A1. The issue, described across the provided sources, allows a physically proximate attacker to execute arbitrary code via the USB debugging (ADB) / Android Debug Bridge components. The CVSS metrics indicate a physical attack vector wit...

6.8CVSS6.3AI score0.00331EPSS
Exploits0References3
NVD
NVD
added 2026/07/02 12:17 p.m.10 views

CVE-2026-57624

Unauthenticated Remote Code Execution RCE in Blocksy Companion Pro = 2.1.46 versions...

10CVSS0.00697EPSS
Exploits0References1
Rows per page
Query Builder