168 matches found
CVE-2026-12399
The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2026-12399
The Gutenverse WordPress plugin (Blocks, Page Builder & Site Editor) is affected by a Stored Cross-Site Scripting vulnerability up to version 3.8.0. The issue arises from insufficient input sanitization and output escaping in admin settings, allowing authenticated users with editor-level permissi...
EUVD-2026-39959
The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2026-12399 Gutenverse <= 3.8.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'fonts[].font.font.value' Parameter
The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
PT-2026-53053
Name of the Vulnerable Software and Affected Versions Gutenverse versions prior to 3.8.1 Description The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress contains a Stored Cross-Site Scripting issue in the admin settings. This occurs due to insufficient input...
CVE-2026-56040
Unauthenticated Cross Site Scripting XSS in Gutenverse Form = 2.4.7 versions...
CVE-2026-54832
Unauthenticated Broken Access Control in Gutenverse Companion = 2.5.0 versions...
CVE-2026-56040 WordPress Gutenverse Form plugin <= 2.4.7 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Gutenverse Form = 2.4.7 versions...
CVE-2026-56040
The CVE-2026-56040 entry describes an unauthenticated Cross-Site Scripting (XSS) vulnerability affecting the WordPress Gutenverse Form plugin up to version 2.4.7. The issue is identified in multiple sources (including NVD/CVE records) and is scored with a CVSSv3.1 base score of 7.1 (HIGH), with n...
EUVD-2026-39702
Unauthenticated Cross Site Scripting XSS in Gutenverse Form = 2.4.7 versions...
EUVD-2026-39676
Unauthenticated Broken Access Control in Gutenverse Companion = 2.5.0 versions...
CVE-2026-54832 WordPress Gutenverse Companion plugin <= 2.5.0 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Gutenverse Companion = 2.5.0 versions...
CVE-2026-54832
The CVE-2026-54832 entry affects the WordPress plugin Gutenverse Companion, specifically versions
WordPress Gutenverse Form plugin <= 2.4.7 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by hivesec in WordPress Plugin Gutenverse Form versions = 2.4.7...
WordPress Gutenverse Companion plugin <= 2.5.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by mxym in WordPress Plugin Gutenverse Companion versions = 2.5.0...
CVE-2026-3001
The Gutenverse plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.4.6 due to insufficient input sanitization and output escaping. Specifically, the rendercontent method in class-search-result-title.php outputs the val...
WordPress Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin <= 3.4.6 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Gutenverse versions = 3.4.6...
CVE-2026-3001
The Gutenverse plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.4.6 due to insufficient input sanitization and output escaping. Specifically, the rendercontent method in class-search-result-title.php outputs the val...
CVE-2026-3001 Gutenverse <= 3.4.6 - Reflected Cross-Site Scripting via 's' Parameter
The Gutenverse plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.4.6 due to insufficient input sanitization and output escaping. Specifically, the rendercontent method in class-search-result-title.php outputs the val...
CVE-2026-3001
The Gutenverse plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.4.6 due to insufficient input sanitization and output escaping. Specifically, the rendercontent method in class-search-result-title.php outputs the val...