A vulnerability marked as critical has been reported in Creative mes Blocksy Companion Pro Plugin up to 2.1.28 on WordPress. This affects an unknown function. Performing a manipulation results in sql injection. This vulnerability is reported as CVE-2026-39596 . The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.