cleantalk
Vulnerabilities and Security Researches

Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates, CVE-2026-10586

CVE, Research URL

CVE-2026-10586

Home page URL

Security reports for Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates

Application

Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates

Published on
Jun 05, 2026
Research Description
The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.3 via the `save_ai_generated_image()` function. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Affected versions
max 6.1.4.
Status
vulnerable
Previous vulnerability researches
Fast & Effective Popups & Lead-Generation for WordPress – HollerBox (ea1743a404554a3ca4ad07e78b195d7f0d893a95) , Jun 07, 2024
Fast & Effective Popups & Lead-Generation for WordPress – HollerBox (CVE-2023-2111) , Jun 07, 2024
Fast & Effective Popups & Lead-Generation for WordPress – HollerBox (CVE-2023-41657) , Jun 07, 2024
Fast & Effective Popups & Lead-Generation for WordPress – HollerBox (CVE-2026-48885) , Jun 06, 2026
New vulnerability
WP Go Maps (formerly WP Google Maps) (CVE-2026-8385) , Jun 06, 2026
All-In-One Security (AIOS) – Security and Firewall (CVE-2026-8438) , Jun 06, 2026
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress (CVE-2026-10038) , Jun 06, 2026
SEO Plugin by Squirrly SEO (CVE-2026-7624) , Jun 06, 2026
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates (CVE-2026-10586) , Jun 06, 2026