{
  "claim_outcome": "confirmed",
  "claim_block_reason": null,
  "repro_result": "confirmed",
  "validated_surface": "api_remote",
  "evidence_scope": "production_path",
  "claimed_impact_class": "code_execution",
  "observed_impact_class": "code_execution",
  "exploitability_confidence": "high",
  "attacker_controlled_input": "PHP source placed inside a blocksy-companion-pro/code-editor Gutenberg block (block innerHTML); rendered unauthenticated via the standard WP do_blocks() single-view path of a published ct_content_block.",
  "trigger_path": "Unauthenticated HTTP GET (no cookies/credentials) to /ct_content_block/<slug>/ -> WP do_blocks() -> blocksy-companion-pro/code-editor render_callback -> get_eval_content() -> eval('?>'.$code) -> shell_exec('id; whoami; hostname; uname -a'). Command output (uid=33(www-data)) returned in HTTP body and written to a marker file by www-data.",
  "end_to_end_target_reached": true,
  "sanitizer_used": false,
  "crash_observed": false,
  "read_write_primitive_observed": true,
  "exploit_chain_demonstrated": false,
  "blocking_mitigation": null,
  "inferred": false
}
