Lucene search
K

1398 matches found

CNNVD
CNNVD
added 2026/06/05 12:0 a.m.9 views

WPDeveloper Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns 服务端请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.2CVSS6.1AI score0.00213EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/04 11:28 p.m.48 views

CVE-2026-10586 Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns <= 6.1.3 - Authenticated (Author+) Server-Side Request Forgery

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.3 via the saveaigeneratedimage function. This makes it possible for authenticated attackers, with Author-level...

7.2CVSS0.00213EPSS
Exploits0References2
CVE
CVE
added 2026/06/04 11:28 p.m.25 views

CVE-2026-10586

The CVE describes a Server-Side Request Forgery in the Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns WordPress plugin. Affected software: WordPress plugin, versions up to and including 6.1.3. Vulnerable component: save_ai_generated_image() function. Root cause: CSRF-li...

7.2CVSS5.9AI score0.00213EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:28 p.m.10 views

CVE-2026-10586

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.3 via the saveaigeneratedimage function. This makes it possible for authenticated attackers, with Author-level...

7.2CVSS5.9AI score0.00213EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46763

Name of the Vulnerable Software and Affected Versions Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns versions prior to 6.1.4 Description The plugin is susceptible to Server-Side Request Forgery SSRF, a flaw where an attacker can induce the server-side application to mak...

7.2CVSS5.4AI score0.00213EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/06/02 8:26 a.m.20 views

WordPress Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin <= 2.19.25 - Authenticated (Contributor+) Remote Code Execution vulnerability

Authenticated Contributor+ Remote Code Execution vulnerability discovered by kai63001 in WordPress Plugin Spectra versions = 2.19.25...

8.8CVSS5.8AI score0.01174EPSS
Exploits3References1Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2026/06/02 12:0 a.m.63 views

VulnCheck KEV: CVE-2026-7465

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.19.25. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server...

8.8CVSS6.1AI score0.01174EPSS
In wildExploits3References2
RedhatCVE
RedhatCVE
added 2026/06/01 4:3 p.m.12 views

CVE-2026-7465

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.19.25. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server...

8.8CVSS6.1AI score0.01174EPSS
Exploits3References1
Patchstack
Patchstack
added 2026/06/01 8:25 a.m.11 views

WordPress GutenBee – Gutenberg Blocks plugin <= 2.20.1 - Authenticated (Author+) Arbitrary File Upload vulnerability

Authenticated Author+ Arbitrary File Upload vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin GutenBee versions = 2.20.1...

8.8CVSS5.8AI score0.00659EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 9:29 a.m.13 views

CVE-2026-7465

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.19.25. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server...

8.8CVSS6.1AI score0.01174EPSS
Exploits3References7
Cvelist
Cvelist
added 2026/05/30 9:29 a.m.48 views

CVE-2026-7465 Spectra Gutenberg Blocks <= 2.19.25 - Authenticated (Contributor+) Remote Code Execution via Arbitrary PHP Function Call via Block Attributes

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.19.25. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server...

8.8CVSS0.01174EPSS
Exploits3References6
CVE
CVE
added 2026/05/30 9:29 a.m.75 views

CVE-2026-7465

Summary (supported by provided documents): CVE-2026-7465 affects the WordPress plugin Spectra Gutenberg Blocks (ultimate-addons-for-gutenberg). In versions up to and including 2.19.25, an authenticated Contributor can influence post block attributes in uagb/* blocks, which are dynamically registe...

8.8CVSS6.1AI score0.01174EPSS
In wildExploits3References6
CNNVD
CNNVD
added 2026/05/30 12:0 a.m.13 views

WordPress plugin Spectra Gutenberg Blocks 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

8.8CVSS6.2AI score0.01174EPSS
Exploits3References6
Positive Technologies
Positive Technologies
added 2026/05/30 12:0 a.m.26 views

PT-2026-45089

Name of the Vulnerable Software and Affected Versions Spectra Gutenberg Blocks – Website Builder for the Block Editor versions prior to 2.19.26 Description The plugin is susceptible to Remote Code Execution, allowing authenticated attackers with Contributor-level access or higher to execute code ...

8.8CVSS6.2AI score0.01174EPSS
Exploits3References12
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

WordPress plugin GutenBee – Gutenberg Blocks 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.8CVSS6.3AI score0.00659EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/05/27 4:29 a.m.9 views

CVE-2026-6287

The ShopLentor - WooCommerce Builder for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blockUniqId' block attribute in multiple Product Gride blocks in versions up to, and including, 3.3.8 due to insufficient input sanitization and output escapin...

5.4CVSS6AI score0.00197EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/05/26 4:17 p.m.11 views

WordPress ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin plugin <= 3.3.8 - WooCommerce Builder for Elementor & Gutenberg <= 3.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

All-in-One WooCommerce Growth & Store Enhancement Plugin plugin = 3.3.8 - WooCommerce Builder for Elementor & Gutenberg = 3.3.8 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ammonia - UC SANTA BARBARA in WordPress Plugin ShopLentor versions = 3.3.8...

5.4CVSS5.8AI score0.00197EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/12 2:21 p.m.10 views

CVE-2026-42648

Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through = 2.19.22...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References1
NVD
NVD
added 2026/05/02 8:16 a.m.7 views

CVE-2026-2052

The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.2 via the Display Logic feature. This is due to the plugin using eval on user-supplied Display Logic...

8.8CVSS0.00774EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/02 7:46 a.m.35 views

CVE-2026-2052 Widget Options <= 4.2.2 - Authenticated (Contributor+) Remote Code Execution via Display Logic

The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.2 via the Display Logic feature. This is due to the plugin using eval on user-supplied Display Logic...

8.8CVSS0.00774EPSS
Exploits0References6
Rows per page
Query Builder