21 matches found
CVE-2026-2948 Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem <= 3.5.3 - Authenticated (Contributor+) Server-Side Request Forgery via 'imageUrl'
The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.5.3 via the importimages function. This makes it possible for authenticated attackers, with contributor-level access and above, t...
WordPress Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin <= 3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Gutenverse versions <= 3.5.3...
PT-2026-30304
Name of the Vulnerable Software and Affected Versions: Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress versions up to and including 3.4.6. Description: The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is susceptible to Stored...
CVE-2025-66065
Missing Authorization vulnerability in Jegstudio Gutenverse gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutenverse: from n/a through <= 3.2.1...
EUVD-2025-198476
Missing Authorization vulnerability in Jegstudio Gutenverse gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutenverse: from n/a through <= 3.2.1...
CVE-2025-66065
Missing Authorization vulnerability in Jegstudio Gutenverse gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutenverse: from n/a through <= 3.2.1...
CVE-2025-66065 WordPress Gutenverse plugin <= 3.2.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Jegstudio Gutenverse gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutenverse: from n/a through <= 3.2.1...
CVE-2023-35875
Missing Authorization vulnerability in Jegstudio Gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutenverse: from n/a through 1.8.5...
CVE-2023-35875
CVE-2023-35875 affects the Gutenverse (Gutenberg Blocks – Page Builder for Site Editor) WordPress plugin. According to Patchstack, versions
CVE-2024-43920 WordPress Gutenverse – Gutenberg Blocks – Page Builder for Site Editor plugin <= 1.9.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jegstudio Gutenverse allows Stored XSS. This issue affects Gutenverse: from n/a through 1.9.4...
CVE-2024-43920 WordPress Gutenverse – Gutenberg Blocks – Page Builder for Site Editor plugin <= 1.9.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jegstudio Gutenverse allows Stored XSS. This issue affects Gutenverse: from n/a through 1.9.4...
WordPress Gutenverse Plugin <= 1.9.4 is vulnerable to Cross Site Scripting (XSS)
Software: Gutenverse; Type: Plugin; Vulnerable versions: <= 1.9.4; Fixed in: 2.0.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-43920; Patch priority: Low; CVSS severity: Low (6.5); PSID: dce203896515; Credits: João Pedro S Alcântara Kinorth; Required...
CVE-2024-38785 WordPress Gutenverse plugin <= 1.9.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jegstudio Gutenverse allows Stored XSS. This issue affects Gutenverse: from n/a through 1.9.2...
CVE-2024-38785 WordPress Gutenverse plugin <= 1.9.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jegstudio Gutenverse allows Stored XSS. This issue affects Gutenverse: from n/a through 1.9.2...
CVE-2024-3692
The Gutenverse WordPress plugin before 1.9.1 does not validate the htmlTag option in various of its blocks before outputting it back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-3692
The CVE-2024-3692 entry concerns Gutenverse (WordPress) before 1.9.1. The vulnerability is a Stored XSS caused by not validating the htmlTag option in various blocks before output, allowing authenticated users with the Contributor+ role to inject malicious HTML. Red Hat and Patchstack entries corr...
CVE-2024-3692 Gutenverse < 1.9.1 - Contributor+ Stored XSS
The Gutenverse WordPress plugin before 1.9.1 does not validate the htmlTag option in various of its blocks before outputting it back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-3692 Gutenverse < 1.9.1 - Contributor+ Stored XSS
The Gutenverse WordPress plugin before 1.9.1 does not validate the htmlTag option in various of its blocks before outputting it back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress Gutenverse Plugin < 1.9.1 is vulnerable to Cross Site Scripting (XSS)
Software: Gutenverse; Type: Plugin; Vulnerable versions: < 1.9.1; Fixed in: 1.9.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3692; Patch priority: Low; CVSS severity: Low (6.5); PSID: 0ff3d9170b25; Credits: Dmtirii Ignatyev; Required...
Gutenverse < 1.9.1 - Contributor+ Stored XSS
Description: The plugin does not validate the htmlTag option in various of its blocks before outputting it back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. As a contributor, put the below code in...