CVE Catalog

CVE-2026-57630

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

13th percentile — higher than 13% of all known CVEs

Summary

The Blocksy Companion Pro plugin version 2.1.46 and earlier contains an unauthenticated Insecure Direct Object References (IDOR) vulnerability. This allows an attacker to access resources that should be protected without authentication.

Risk Assessment

The risk involves unauthorized reading or modification of sensitive data, which could lead to information disclosure or system integrity compromise.

Recommendation

It is recommended to immediately update the Blocksy Companion Pro plugin to a version newer than 2.1.46, which fixes this vulnerability.

Original NVD description (English source)

Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Companion Pro <= 2.1.46 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS