Remote Code Execution in Blocksy Companion Pro Plugin by Blocksy
CVE-2026-57624

10CRITICAL

Key Information:

Vendor

WordPress

Vendor
CVE Published:
2 July 2026

What is CVE-2026-57624?

The Blocksy Companion Pro plugin is susceptible to an unauthenticated Remote Code Execution (RCE) vulnerability in versions 2.1.46 and earlier. This flaw allows attackers to execute arbitrary code on the server without authentication, potentially leading to significant security breaches. It is crucial for users to update to the latest version to mitigate the risks associated with this vulnerability.

Affected Version(s)

Blocksy Companion Pro <= 2.1.46

References

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nguyen Ba Khanh | Patchstack Bug Bounty Program
.