Lucene search
+L

62 matches found

nvd
nvd
added 2026/06/27 8:16 a.m.11 views

CVE-2026-12399

The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS0.00246EPSS
Exploits0References12
euvd
euvd
added 2026/06/27 6:50 a.m.9 views

EUVD-2026-39959

The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS5.9AI score0.00246EPSS
Exploits0References12
cvelist
cvelist
added 2026/06/27 6:50 a.m.37 views

CVE-2026-12399 Gutenverse <= 3.8.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'fonts[].font.font.value' Parameter

The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS0.00246EPSS
Exploits0References12
cve
cve
added 2026/06/27 6:50 a.m.16 views

CVE-2026-12399

The Gutenverse WordPress plugin (Blocks, Page Builder & Site Editor) is affected by a Stored Cross-Site Scripting vulnerability up to version 3.8.0. The issue arises from insufficient input sanitization and output escaping in admin settings, allowing authenticated users with editor-level permissi...

4.4CVSS5.9AI score0.00246EPSS
Exploits0References12
ptsecurity
ptsecurity
added 2026/06/27 12:0 a.m.14 views

PT-2026-53053

Name of the Vulnerable Software and Affected Versions Gutenverse versions prior to 3.8.1 Description The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress contains a Stored Cross-Site Scripting issue in the admin settings. This occurs due to insufficient input...

4.4CVSS5.9AI score0.00246EPSS
Exploits0References16
redhatcve
redhatcve
added 2026/06/05 7:37 p.m.12 views

CVE-2026-3001

The Gutenverse plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.4.6 due to insufficient input sanitization and output escaping. Specifically, the rendercontent method in class-search-result-title.php outputs the val...

6.1CVSS5.7AI score0.00204EPSS
Exploits0References1
nvd
nvd
added 2026/05/27 8:16 a.m.15 views

CVE-2026-3001

The Gutenverse plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.4.6 due to insufficient input sanitization and output escaping. Specifically, the rendercontent method in class-search-result-title.php outputs the val...

6.1CVSS0.00204EPSS
Exploits0References3
euvd
euvd
added 2026/05/27 7:45 a.m.10 views

EUVD-2026-32114

The Gutenverse plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.4.6 due to insufficient input sanitization and output escaping. Specifically, the rendercontent method in class-search-result-title.php outputs the val...

6.1CVSS6AI score0.00204EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/05/27 7:45 a.m.10 views

CVE-2026-3001

The Gutenverse plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.4.6 due to insufficient input sanitization and output escaping. Specifically, the rendercontent method in class-search-result-title.php outputs the val...

6.1CVSS6AI score0.00204EPSS
Exploits0References4
cve
cve
added 2026/05/27 7:45 a.m.23 views

CVE-2026-3001

The CWE: CVE-2026-3001 affects the Gutenverse WordPress plugin, up to version 3.4.6. The vulnerability is a Reflected Cross-Site Scripting (XSS) in the search title block: render_content() echoes get_query_var('s') directly into HTML without escaping, enabling an attacker to craft a URL that inje...

6.1CVSS6AI score0.00204EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/05/27 12:0 a.m.15 views

WordPress plugin Gutenverse 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.1CVSS5.7AI score0.00204EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/05/27 12:0 a.m.17 views

PT-2026-43544

The Gutenverse plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.4.6 due to insufficient input sanitization and output escaping. Specifically, the render content method in class-search-result-title.php outputs the...

6.1CVSS6AI score0.00204EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/05/06 8:21 p.m.9 views

CVE-2026-2868

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'separatorIconSVG' parameter in versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6AI score0.00152EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/06 8:21 p.m.10 views

CVE-2026-2948

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.5.3 via the importimages function. This makes it possible for authenticated attackers, with contributor-level access and above, t...

6.4CVSS5.9AI score0.00151EPSS
Exploits0References1
nvd
nvd
added 2026/05/05 4:16 a.m.9 views

CVE-2026-2948

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.5.3 via the importimages function. This makes it possible for authenticated attackers, with contributor-level access and above, t...

6.4CVSS0.00151EPSS
Exploits0References2
cve
cve
added 2026/05/05 3:37 a.m.15 views

CVE-2026-2948

The vulnerability CVE-2026-2948 affects the Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress (versions ≤ 3.5.3). It permits Server-Side Request Forgery via the import_images() function, exploitable by authenticated users with contributor-level access or higher. T...

6.4CVSS5.9AI score0.00151EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/05 3:37 a.m.4 views

CVE-2026-2948

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.5.3 via the importimages function. This makes it possible for authenticated attackers, with contributor-level access and above, t...

6.4CVSS5.9AI score0.00151EPSS
Exploits0References3
euvd
euvd
added 2026/05/05 3:31 a.m.7 views

EUVD-2026-27171

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'separatorIconSVG' parameter in versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6AI score0.00152EPSS
Exploits0References3
nvd
nvd
added 2026/05/05 3:15 a.m.15 views

CVE-2026-2868

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'separatorIconSVG' parameter in versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00152EPSS
Exploits0References2
cve
cve
added 2026/05/05 2:26 a.m.13 views

CVE-2026-2868

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress (versions up to 3.5.3) is vulnerable to Stored Cross-Site Scripting via the 'separatorIconSVG' parameter due to insufficient input sanitization and output escaping. Authenticated attackers with contributor-leve...

6.4CVSS6AI score0.00152EPSS
Exploits0References2
Rows per page
Query Builder