cleantalk
Vulnerabilities and Security Researches

Gutenify – Visual Site Builder Blocks & Site Templates., CVE-2025-8605

CVE, Research URL

CVE-2025-8605

Home page URL

Security reports for Gutenify – Visual Site Builder Blocks & Site Templates.

Application

Gutenify – Visual Site Builder Blocks & Site Templates.

Published on
Nov 18, 2025
Research Description
The Gutenify – Visual Site Builder Blocks & Site Templates. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.5.9.
Status
vulnerable
Previous vulnerability researches
Events Calendar for GeoDirectory (CVE-2025-26967) , Mar 05, 2025
Events Calendar for GeoDirectory (CVE-2026-39532) , Apr 23, 2026
GeoDirectory – WordPress Business Directory Plugin, or Classified Directory (CVE-2024-56259) , Jan 03, 2025
GeoDirectory – WordPress Business Directory Plugin, or Classified Directory (CVE-2024-13507) , Jul 30, 2025
GeoDirectory – WordPress Business Directory Plugin, or Classified Directory (CVE-2024-3732) , Jun 06, 2024
New vulnerability
Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor (CVE-2026-2951) , Apr 24, 2026
Revive.so – Bulk Rewrite and Republish Blog Posts (CVE-2025-59551) , Apr 24, 2026
Zoho Subscriptions – Embed Payment Form (CVE-2025-57963) , Apr 24, 2026
Sentence To SEO (keywords, description and tags) (CVE-2026-4142) , Apr 24, 2026
Fast & Fancy Filter – 3F (CVE-2026-6396) , Apr 24, 2026