CVE-2026-57624

Critical · CVSS 10.0

Exploitation Probability (EPSS)

Low risk
0.70%

49th percentile — higher than 49% of all known CVEs

Summary

The Blocksy Companion Pro plugin, versions 2.1.46 and earlier, contains a critical vulnerability that allows unauthenticated remote code execution (RCE). The vulnerability stems from missing authentication on one of the API endpoints.

Risk Assessment

An attacker can take over the WordPress server without any credentials, leading to full site compromise and potential access to user data.

Recommendation

Immediately update the Blocksy Companion Pro plugin to version 2.1.47 or later. If an update is not possible, temporarily disable the plugin until a patch is applied.

Original NVD description (English source)

Unauthenticated Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.46 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS