Gutentor
by WordPress
Source repositories
CVEs (5)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-58680 | Med | 0.42 | 6.5 | 0.00 | Sep 22, 2025 | Missing Authorization vulnerability in gutentor Gutentor gutentor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutentor: from n/a through <= 3.5.2. | |
| CVE-2025-4685 | Med | 0.42 | 6.4 | 0.00 | Jul 21, 2025 | The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML data attributes of multiple widgets, in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |
| CVE-2025-22293 | Med | 0.42 | 6.5 | 0.00 | Jan 7, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gutentor Gutentor gutentor allows DOM-Based XSS.This issue affects Gutentor: from n/a through <= 3.4.3. | |
| CVE-2026-2951 | Med | 0.35 | 5.4 | 0.00 | Apr 23, 2026 | The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |
| CVE-2025-58783 | Med | 0.28 | 4.3 | 0.00 | Sep 5, 2025 | Missing Authorization vulnerability in gutentor Gutentor gutentor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutentor: from n/a through <= 3.5.5. |
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in gutentor Gutentor gutentor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutentor: from n/a through <= 3.5.2.
- risk 0.42cvss 6.4epss 0.00
The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML data attributes of multiple widgets, in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gutentor Gutentor gutentor allows DOM-Based XSS.This issue affects Gutentor: from n/a through <= 3.4.3.
- risk 0.35cvss 5.4epss 0.00
The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in gutentor Gutentor gutentor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutentor: from n/a through <= 3.5.5.