CVE Catalog
CVE-2026-57630
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk0.23%
13th percentile — higher than 13% of all known CVEs
Summary
The Blocksy Companion Pro plugin version 2.1.46 and earlier contains an unauthenticated Insecure Direct Object References (IDOR) vulnerability. This allows an attacker to access resources that should be protected without authentication.
Risk Assessment
The risk involves unauthorized reading or modification of sensitive data, which could lead to information disclosure or system integrity compromise.
Recommendation
It is recommended to immediately update the Blocksy Companion Pro plugin to a version newer than 2.1.46, which fixes this vulnerability.
Original NVD description (English source)
Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Companion Pro <= 2.1.46 versions.

