Remote Code Execution in Blocksy Companion Pro by Patchstack
CVE-2026-57315

8.5HIGH

Key Information:

Vendor

WordPress

Vendor
CVE Published:
26 June 2026

What is CVE-2026-57315?

A remote code execution vulnerability has been identified in Blocksy Companion Pro versions 2.1.45 and earlier. This security flaw allows remote attackers to execute arbitrary code, potentially compromising the affected WordPress installations. Website owners using vulnerable versions of Blocksy Companion Pro are strongly advised to update their plugins to ensure the integrity and security of their sites.

Affected Version(s)

Blocksy Companion Pro <= 2.1.45

References

CVSS V3.1

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

daroo | Patchstack Bug Bounty Program
.