Vulnerabilities and security researches foradvanced-gutenberg advanced-gutenberg

Jul 05, 2025

CVE, Research URL: CVE-2025-49032
Home page URL: Security reports for Gutenberg Blocks – PublishPress Blocks Gutenberg Editor Plugin
Application: Gutenberg Blocks – PublishPress Blocks Gutenberg Editor Plugin
Date: Jul 03, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PublishPress Gutenberg Blocks allows Stored XSS.This issue affects Gutenberg Blocks: from n/a through 3.3.1.
Affected versions: max 3.3.2.
Status: vulnerable

Aug 06, 2025

CVE, Research URL: CVE-2025-48332
Home page URL: Security reports for Gutenberg Blocks – PublishPress Blocks Gutenberg Editor Plugin
Application: Gutenberg Blocks – PublishPress Blocks Gutenberg Editor Plugin
Date: Aug 14, 2025
Research Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PublishPress Gutenberg Blocks advanced-gutenberg allows PHP Local File Inclusion.This issue affects Gutenberg Blocks: from n/a through <= 3.3.1.
Affected versions: max 3.3.2.
Status: vulnerable

Apr 24, 2026

CVE, Research URL: CVE-2025-8588
Home page URL: Security reports for Gutenberg Blocks – PublishPress Blocks Gutenberg Editor Plugin
Application: Gutenberg Blocks – PublishPress Blocks Gutenberg Editor Plugin
Date: Oct 25, 2025
Research Description: The Gutenberg Blocks – PublishPress Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Marker Title' and 'Marker Description' parameters for the Maps block in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 3.4.0.
Status: vulnerable