CVE-2026-15158 | creativethemeshq Blocksy Companion Plugin up to 2.1.46 Custom Fonts Extension shell.woff2.php save_attachments unrestricted upload
A vulnerability has been found in creativethemeshq Blocksy Companion Plugin up to 2.1.46 and classified as critical. The affected element is the function save_attachments of the file shell.woff2.php of the component Custom Fonts Extension. Performing a manipulation results in unrestricted upload.
This vulnerability was named CVE-2026-15158. The attack may be initiated remotely. There is no available exploit.VulDB Recent EntriesRead More