{"vulnerability": "cve-2026-58480", "sightings": [{"uuid": "823e80ec-c2ea-42cb-b4e7-59ca5e990fb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-58480", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116884598388668562", "content": "Blocksy Companion Pro &lt;2.1.47 has a CRITICAL unauthenticated file upload flaw (CVE-2026-58480). Attackers can bypass extension checks and achieve remote code execution via crafted filenames. Patch ASAP. https://radar.offseq.com/threat/cve-2026-58480-unrestricted-upload-of-file-with-da-329cbb8c3408e021 #OffSeq #CVE202658480 #WordPress #Vuln", "creation_timestamp": "2026-07-08T13:30:32.375874Z"}, {"uuid": "d049ebfd-9b3e-40ea-97a8-d9e0c1d2f266", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-58480", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mq5a3kmqpd2j", "content": "Blocksy Companion Pro for WordPress has a CRITICAL file upload vulnerability (CVE-2026-58480). Unauthenticated attackers can achieve RCE \u2014 update immediately if possible. https://radar.offseq.com/threat/cve-2026-58480-unrestricted-upload-of-file-with-da-329cbb8c3408e021 #OffSeq #WordPress #CVE202...", "creation_timestamp": "2026-07-08T13:30:34.392225Z"}, {"uuid": "33c4fe6c-de5b-492d-9279-c7a9e21cc6da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58480", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq5cftox272w", "content": "CVE-2026-58480 - blocksy companion\nThe Blocksy Companion Pro plugin for WordPress is affected if it's version is less than 2.1.47. Attackers can upload malicious files, such as executable\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#blocksycompanion #creativethemes #CVE #infosec", "creation_timestamp": "2026-07-08T14:12:06.516593Z"}, {"uuid": "0ce95557-d6a1-4ffb-8f81-3ef07663f741", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58480", "type": "seen", "source": "https://bsky.app/profile/malwareobserver.bsky.social/post/3mq5e5errax26", "content": "\ud83d\udc1b VULNERABILITIES CVE Notify: \ud83d\udea8 [CVE-2026-58480](https://patchstack.com/database/wordpress/plugin/blocksy-companion/vulnerability...\nhttps://patchstack.com/database/wordpress/plugin/blocksy-companion/vulnerability/wordpress-blocksy-companion-plugin-2-1-46-unauthenticated-arbitrary-file-upload-vuln", "creation_timestamp": "2026-07-08T14:43:09.575692Z"}, {"uuid": "cf7a9d5b-9b12-459c-936d-f6c7f8996fcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58480", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq5ka65ce62t", "content": "CVE-2026-58480 - Blocksy Companion Pro\nCVE ID : CVE-2026-58480\n \n Published : July 8, 2026, 2:17 p.m. | 42\u00a0minutes ago\n \n Description : Blocksy Companion Pro plugin for WordPress before 2.1.47 contains an unauthenticated arbitrary file upload vulnerability that allows attacker...", "creation_timestamp": "2026-07-08T16:32:06.805787Z"}, {"uuid": "3ddc6269-24f7-45a5-a5e1-a41dc88d4cb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58480", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mq6dcaeasa2p", "content": "Arbitrary file upload. No auth required. CVE-2026-58480. Blocksy Companion Pro before 2.1.47 lets any visitor execute code on your server. CVSS 9.8. No patch available yet. Disable it now. Scan: pulse-wp.com\n#WordPress #RCE #CyberSecurity", "creation_timestamp": "2026-07-09T00:00:38.608370Z"}]}