35 matches found
GutenKit <= 2.1.0 - Arbitrary File Upload
The GutenKit Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the install_and_activate_plugin_from_external() function (install-active-plugin REST API endpoint) in all versions up to, a...
Mass Attack Targets WordPress via GutenKit and Hunk Companion Plugins
Mass exploitation attacks are once again targeting WordPress websites, this time through serious vulnerabilities in two popular plugins,…...
Mass Exploit Campaign Targeting Arbitrary Plugin Installation Vulnerabilities
📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🚀 Operation: Maximum Impact Challenge! Now through November 10, 2025, earn 2X bounty rewards for all in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,2...
EUVD-2025-30733
Malicious code in bioql PyPI...
EUVD-2025-12303
Malicious code in bioql PyPI...
CVE-2025-57900
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ataur R GutenKit gutenkit-blocks-addon allows Stored XSS. This issue affects GutenKit: from n/a through <= 2.4.2...
WordPress GutenKit Plugin <= 2.4.2 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Prissy in WordPress Plugin GutenKit versions <= 2.4.2...
CVE-2025-57900
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ataur R GutenKit gutenkit-blocks-addon allows Stored XSS. This issue affects GutenKit: from n/a through <= 2.4.2...
CVE-2025-57900 WordPress GutenKit Plugin <= 2.4.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ataur R GutenKit allows Stored XSS. This issue affects GutenKit: from n/a through 2.4.2...
CVE-2025-57900
CVE-2025-57900 is a stored XSS vulnerability affecting GutenKit: Page Builder Blocks, Patterns, and Templates for Gutenberg, with exposure from GutenKit versions up to 2.4.2. The public description specifies improper neutralization of input during web page generation, enabling Stored XSS. The con...
CVE-2025-57900 WordPress GutenKit Plugin <= 2.4.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ataur R GutenKit gutenkit-blocks-addon allows Stored XSS. This issue affects GutenKit: from n/a through <= 2.4.2...
WordPress plugin GutenKit cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site...
PT-2025-39010
Name of the Vulnerable Software and Affected Versions: Ataur R GutenKit versions through 2.4.2. Description: The software contains a flaw related to improper input handling during web page generation, which can lead to Stored Cross-site Scripting (XSS). This allows an attacker to inject malicious...
CVE-2025-46253
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ataur R GutenKit gutenkit-blocks-addon allows Stored XSS. This issue affects GutenKit: from n/a through <= 2.2.2...
VulnCheck KEV: CVE-2024-9234
The GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the install_and_activate_plugin_from_external() function (install-active-plugin REST API endpoint) in all...
WordPress GutenKit plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Khalid Yusuf in WordPress Plugin GutenKit versions <= 2.2.2...
CVE-2025-46253
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ataur R GutenKit allows Stored XSS. This issue affects GutenKit: from n/a through 2.2.2...
CVE-2025-46253
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ataur R GutenKit gutenkit-blocks-addon allows Stored XSS. This issue affects GutenKit: from n/a through <= 2.2.2...
CVE-2025-46253
CVE-2025-46253 affects the GutenKit plugin (WordPress GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg) and is a Stored XSS due to improper input neutralization during web page generation. Affected versions are up to 2.2.2 (inclusive). Public sources describe the issue as Cro...
CVE-2025-46253 WordPress GutenKit plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ataur R GutenKit gutenkit-blocks-addon allows Stored XSS. This issue affects GutenKit: from n/a through <= 2.2.2...