Product
critical
advisory
Critical RCE Vulnerability in Blocksy Companion Pro WordPress Plugin (CVE-2026-58480)
1 rule 3 TTPs 1 CVEAn unauthenticated arbitrary file upload vulnerability (CVE-2026-58480) in Blocksy Companion Pro plugin for WordPress versions prior to 2.1.47 allows attackers to bypass extension validation via double-extension files, leading to remote code execution by forcing the web server to execute uploaded PHP files.
Blocksy Companion Pro plugin < 2.1.47 +1
wordpress
plugin
rce
file-upload
web
1r
3t
1c
high
advisory
CVE-2026-6820: VikBooking WordPress Plugin Stored XSS Vulnerability
2 TTPs 1 CVEAn unauthenticated Stored Cross-Site Scripting vulnerability (CVE-2026-6820) in the VikBooking Hotel Booking Engine & PMS plugin for WordPress versions up to 1.8.8 allows attackers to inject malicious web scripts via the 'email' parameter, leading to client-side code execution in victims' browsers.
VikBooking Hotel Booking Engine & PMS +1
wordpress
plugin
xss
web-vulnerability
2t
1c