CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/05/28 6:45 a.m.•29 views

CVE-2026-9227 GutenBee <= 2.20.1 - Authenticated (Author+) Arbitrary File Upload via wp_check_filetype_and_ext Filter

8.8CVSS0.00158EPSS

ATTACKERKB•added 2026/05/28 6:45 a.m.•5 views

CVE-2026-9227

CVE•added 2026/05/28 6:45 a.m.•10 views

Exploits0References10

CVE-2026-9227

The connected CVE entries confirm a vulnerability in GutenBee ≤ 2.20.1 (WordPress plugin): an Arbitrary File Upload via the function gutenbee_file_and_ext_json. The root cause is a flawed strpos() check that only tests for the presence of ".json" in the filename, not that it ends with a .json ext...

EUVD•added 2026/05/28 6:45 a.m.•6 views

EUVD-2026-32732

Vulnrichment•added 2026/05/28 6:45 a.m.•3 views

CVE-2026-9227 GutenBee <= 2.20.1 - Authenticated (Author+) Arbitrary File Upload via wp_check_filetype_and_ext Filter

Positive Technologies•added 2026/05/28 12:0 a.m.•4 views

PT-2026-44209

Name of the Vulnerable Software and Affected Versions GutenBee – Gutenberg Blocks versions prior to 2.20.2 Description The plugin is subject to arbitrary file upload due to a flawed substring check in the gutenbee file and ext json function. The strpos function only verifies if the filename...

8.8CVSS6.2AI score0.00158EPSS

Exploits0References11

CNNVD•added 2026/05/28 12:0 a.m.•5 views

WordPress plugin GutenBee – Gutenberg Blocks 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.8CVSS6.3AI score0.00158EPSS

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-31699

Malicious code in bioql PyPI...

6.4CVSS6.6AI score0.00032EPSS

RedhatCVE•added 2025/10/01 4:23 a.m.•3 views

CVE-2025-8566

The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via parameters in the CountUp and Google Maps Blocks in all versions up to, and including, 2.18.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5AI score0.00032EPSS

Exploits0References1

NVD•added 2025/09/30 11:37 a.m.•2 views

CVE-2025-8566

6.4CVSS0.00032EPSS

Vulnrichment•added 2025/09/30 3:35 a.m.•2 views

CVE-2025-8566 GutenBee – Gutenberg Blocks <= 2.18.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS4.7AI score0.00032EPSS

Exploits0References2

CVE•added 2025/09/30 3:35 a.m.•12 views

CVE-2025-8566

Summary (CVE-2025-8566) The GutenBee – Gutenberg Blocks WordPress plugin is vulnerable to Stored Cross-Site Scripting in CountUp and Google Maps blocks. Affected versions are up to 2.18.0 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at Con...

6.4CVSS4.7AI score0.00032EPSS

Cvelist•added 2025/09/30 3:35 a.m.•6 views

CVE-2025-8566 GutenBee – Gutenberg Blocks <= 2.18.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS0.00032EPSS

Patchstack•added 2025/09/30 12:27 a.m.•5 views

WordPress GutenBee plugin <= 2.18.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin GutenBee versions = 2.18.0...

6.4CVSS5.5AI score0.00032EPSS

Exploits0References1Affected Software1

CNNVD•added 2025/09/30 12:0 a.m.•2 views

WordPress plugin GutenBee 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.8AI score0.00032EPSS