cleantalk
Vulnerabilities and Security Researches

Gutenify – Visual Site Builder Blocks & Site Templates., CVE-2025-8605

CVE, Research URL

CVE-2025-8605

Home page URL

Security reports for Gutenify – Visual Site Builder Blocks & Site Templates.

Application

Gutenify – Visual Site Builder Blocks & Site Templates.

Published on
Nov 18, 2025
Research Description
The Gutenify – Visual Site Builder Blocks & Site Templates. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.5.9.
Status
vulnerable
Previous vulnerability researches
Team – WordPress Team Members Showcase Plugin (CVE-2025-57975) , Apr 23, 2026
Team – WordPress Team Members Showcase Plugin (CVE-2026-25026) , Mar 30, 2026
Team – WordPress Team Members Showcase Plugin (CVE-2026-32396) , Mar 30, 2026
Team – WordPress Team Members Showcase Plugin (CVE-2024-9236) , May 19, 2025
Team – WordPress Team Members Showcase Plugin (CVE-2025-14124) , Jan 09, 2026
New vulnerability
Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor (CVE-2026-2951) , Apr 24, 2026
Revive.so – Bulk Rewrite and Republish Blog Posts (CVE-2025-59551) , Apr 24, 2026
Zoho Subscriptions – Embed Payment Form (CVE-2025-57963) , Apr 24, 2026
Sentence To SEO (keywords, description and tags) (CVE-2026-4142) , Apr 24, 2026
Fast & Fancy Filter – 3F (CVE-2026-6396) , Apr 24, 2026