CVE-2026-15158 - Blocksy Companion <= 2.1.46 - Unauthenticated Arbitrary File Upload via 'blc-review-images[]' Parameter
CVE ID :CVE-2026-15158 Published : July 9, 2026, 10:16 a.m. | 15 minutes ago Description :The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.1.46 via the save_attachments function. This is due to the Custom Fonts extension...