Vulnerabilities and security researches forgutenverse gutenverse

Apr 30, 2025

CVE, Research URL: CVE-2025-2893
Home page URL: Security reports for Gutenverse – Gutenberg Blocks – Page Builder for Site Editor
Application: Gutenverse – Gutenberg Blocks – Page Builder for Site Editor
Date: Apr 29, 2025
Research Description: The Gutenverse – Ultimate Block Addons and Page Builder for Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's countdown Block in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Aug 29, 2024

CVE, Research URL: CVE-2024-43920
Home page URL: Security reports for Gutenverse – Gutenberg Blocks – Page Builder for Site Editor
Application: Gutenverse – Gutenberg Blocks – Page Builder for Site Editor
Date: -
Research Description: Gutenverse – Gutenberg Blocks – Page Builder for Site Editor [gutenverse] < 2.0.0 CVE-2024-43920
Affected versions: Min -, max -.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-35875
Home page URL: Security reports for Gutenverse – Gutenberg Blocks – Page Builder for Site Editor
Application: Gutenverse – Gutenberg Blocks – Page Builder for Site Editor
Date: Dec 13, 2024
Research Description: Missing Authorization vulnerability in Jegstudio Gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse: from n/a through 1.8.5.
Affected versions: Min -, max -.
Status: vulnerable

Jun 06, 2024

CVE, Research URL: CVE-2024-3692
Home page URL: Security reports for Gutenverse – Gutenberg Blocks – Page Builder for Site Editor
Application: Gutenverse – Gutenberg Blocks – Page Builder for Site Editor
Date: May 03, 2024
Research Description: The Gutenverse WordPress plugin before 1.9.1 does not validate the htmlTag option in various of its block before outputting it back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: a58b0ffe6aa969b285dc8e2ff7dbe19199c693a3
Home page URL: Security reports for Gutenverse – Gutenberg Blocks – Page Builder for Site Editor
Application: Gutenverse – Gutenberg Blocks – Page Builder for Site Editor
Date: Jun 19, 2023
Research Description: Gutenverse – Gutenberg Blocks – Page Builder for Site Editor [gutenverse] < 1.8.6 WordPress Gutenverse Plugin <= 1.8.5 is vulnerable to Broken Access Control Update the WordPress Gutenverse plugin to the latest available version (at least 1.8.6). Mika discovered and reported this Broken Access Control vulnerability in WordPress Gutenverse Plugin. This vulnerability has been fixed in version 1.8.6.
Affected versions: Min -, max -.
Status: vulnerable