A vulnerability has been found in creativethemeshq Blocksy Companion Plugin up to 2.1.45 on WordPress and classified as problematic . Impacted is an unknown function of the component Setting Handler . Performing a manipulation results in cross site scripting. This vulnerability was named CVE-2026-12430 . The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.