The Blocksy Companion plugin for WordPress can be hacked through the plugin’s Newsletter widget. This is because the plugin does not properly protect against harmful code that users may input. This allows attackers with certain permissions to add their own code to a page, which will then run whenever someone views that page.