CVE Catalog
CVE-2026-57624
Severity: Critical (CVSS 10.0)
Exploitation Probability (EPSS): 0.70% (Low risk)
EPSS percentile: 49th, higher than 49% of all known CVEs
Summary
Versions 2.1.46 and earlier of the Blocksy Companion Pro plugin contain a critical vulnerability allowing unauthenticated remote code execution (RCE). The vulnerability stems from missing authentication in one of the API endpoints.
Risk Assessment
An attacker can take over the WordPress server without any credentials, leading to full site compromise and potential access to user data.
Recommendation
Immediately update the Blocksy Companion Pro plugin to version 2.1.47 or later. If an update is not possible, temporarily disable the plugin until a patch is applied.
Original NVD description (English source)
Unauthenticated Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.46 versions.

