Skip to content
CVSS 10.0CVSS 10.0 · CRITICAL

CVE-2026-57624

Unauthenticated Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.46 versions.

View on NVD

Analysis

Blocksy Companion Pro en versiones 2.1.46 y anteriores presenta una vulnerabilidad crítica que permite la ejecución remota de código sin autenticación. Un atacante puede tomar control total del servidor de WordPress afectado sin necesidad de credenciales.

Relevant roles

PhpCyberSecurityBackendFrontend

Severity

Score: 10.0(CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-94

EPSS

No EPSS score yet (CVE may be too fresh).

Technical description

Unauthenticated Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.46 versions.

Published: 7/2/2026, 12:17:37 PM
Last modified: 7/2/2026, 8:17:04 PM

References

HomeEventsBlogResourcesTeam