cleantalk
Vulnerabilities and Security Researches

Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor, CVE-2026-2951

CVE, Research URL

CVE-2026-2951

Home page URL

Security reports for Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor

Application

Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor

Published on
Apr 23, 2026
Research Description
The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 3.5.6.
Status
vulnerable
Previous vulnerability researches
CI HUB Connector (CVE-2026-4353) , Apr 23, 2026
New vulnerability
Skimlinks Affiliate Marketing Tool (CVE-2025-57944) , Apr 24, 2026
Switch CTA Box (CVE-2026-4088) , Apr 24, 2026
CalJ (CVE-2026-4117) , Apr 24, 2026
Meta Slider and Carousel with Lightbox (CVE-2026-6443) , Apr 24, 2026
WP Directory Kit (CVE-2026-39531) , Apr 24, 2026