cleantalk
Vulnerabilities and Security Researches

Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates, CVE-2026-10586

CVE, Research URL

CVE-2026-10586

Home page URL

Security reports for Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates

Application

Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates

Published on
Jun 05, 2026
Research Description
The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.3 via the `save_ai_generated_image()` function. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Affected versions
max 6.1.4.
Status
vulnerable
Previous vulnerability researches
Support Ticket System (CVE-2015-7670) , Jun 10, 2024
New vulnerability
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates (CVE-2026-10586) , Jun 06, 2026
Fast & Effective Popups & Lead-Generation for WordPress – HollerBox (CVE-2026-48885) , Jun 06, 2026
Contact Form by WPForms – Drag & Drop Form Builder for WordPress (CVE-2026-7792) , Jun 06, 2026
Slider by Soliloquy – Responsive Image Slider for WordPress (CVE-2019-25743) , Jun 06, 2026
Photo Gallery by 10Web – Mobile-Friendly Image Gallery (CVE-2026-49771) , Jun 06, 2026