cleantalk
Vulnerabilities and Security Researches

GutenBee – Gutenberg Blocks, CVE-2026-9227

CVE, Research URL

CVE-2026-9227

Home page URL

Security reports for GutenBee – Gutenberg Blocks

Application

GutenBee – Gutenberg Blocks

Published on
May 28, 2026
Research Description
The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbee_file_and_ext_json function. This is due to a flawed strpos() substring check that only verifies whether the filename contains the string '.json' rather than confirming the filename ends with a .json extension, allowing double-extension filenames like shell.json.php to bypass validation. This makes it possible for authenticated attackers, with author-level access and above, to upload files that may be executable, which makes remote code execution possible.
Affected versions
max 2.20.2.
Status
vulnerable
Previous vulnerability researches
Simple GDPR Cookie Compliance (CVE-2026-24604) , Jan 27, 2026
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2019-25143) , Jun 07, 2024
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (7d5b4ba83a5c6004460bf267fe534a359e1416b0) , Jun 07, 2024
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2023-4013) , Jun 07, 2024
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2025-1621) , Mar 14, 2025
New vulnerability
Breeze – WordPress Cache Plugin (CVE-2026-2128) , May 30, 2026
Frontend Admin by DynamiApps (CVE-2026-6226) , May 30, 2026
Frontend Admin by DynamiApps (CVE-2026-7802) , May 30, 2026
EventPress (CVE-2026-6268) , May 30, 2026
WPComplete (CVE-2026-42750) , May 30, 2026