Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for GutenBee – Gutenberg Blocks by cssigniterteam

    CVE-2026-9227 (GCVE-0-2026-9227)

    Vulnerability from nvd – Published: 2026-05-28 06:45 – Updated: 2026-05-28 10:35
    VLAI
    Title
    GutenBee <= 2.20.1 - Authenticated (Author+) Arbitrary File Upload via wp_check_filetype_and_ext Filter
    Summary
    The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbee_file_and_ext_json function. This is due to a flawed strpos() substring check that only verifies whether the filename contains the string '.json' rather than confirming the filename ends with a .json extension, allowing double-extension filenames like shell.json.php to bypass validation. This makes it possible for authenticated attackers, with author-level access and above, to upload files that may be executable, which makes remote code execution possible.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    cssigniterteam GutenBee – Gutenberg Blocks Affected: 0 , ≤ 2.20.1 (semver)
    Create a notification for this product.
    Credits
    Athiwat Tiprasaharn
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9227",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-28T10:27:37.477965Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-28T10:35:06.797Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GutenBee \u2013 Gutenberg Blocks",
              "vendor": "cssigniterteam",
              "versions": [
                {
                  "lessThanOrEqual": "2.20.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Athiwat Tiprasaharn"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The GutenBee \u2013 Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbee_file_and_ext_json function. This is due to a flawed strpos() substring check that only verifies whether the filename contains the string \u0027.json\u0027 rather than confirming the filename ends with a .json extension, allowing double-extension filenames like shell.json.php to bypass validation. This makes it possible for authenticated attackers, with author-level access and above, to upload files that may be executable, which makes remote code execution possible."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-28T06:45:39.874Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d20e8c9-975d-4e8c-8bea-50935853c7d4?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/gutenbee/tags/2.20.1/gutenbee.php#L571"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/gutenbee/tags/2.20.1/gutenbee.php#L570"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/gutenbee/tags/2.20.1/gutenbee.php#L579"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/gutenbee/tags/2.20.0/gutenbee.php#L571"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/gutenbee/tags/2.20.0/gutenbee.php#L570"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/gutenbee/tags/2.20.0/gutenbee.php#L579"
            },
            {
              "url": "https://github.com/cssigniter/gutenbee/commit/bde934cdecf67a4de1d6548cc1fc6c59bc6690e5"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3543574%40gutenbee\u0026new=3543574%40gutenbee\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-21T18:47:37.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-05-27T18:02:02.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "GutenBee \u003c= 2.20.1 - Authenticated (Author+) Arbitrary File Upload via wp_check_filetype_and_ext Filter"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-9227",
        "datePublished": "2026-05-28T06:45:39.874Z",
        "dateReserved": "2026-05-21T18:32:17.661Z",
        "dateUpdated": "2026-05-28T10:35:06.797Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8566 (GCVE-0-2025-8566)

    Vulnerability from nvd – Published: 2025-09-30 03:35 – Updated: 2026-04-08 16:35
    VLAI
    Title
    GutenBee – Gutenberg Blocks <= 2.18.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
    Summary
    The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via parameters in the CountUp and Google Maps Blocks in all versions up to, and including, 2.18.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    cssigniterteam GutenBee – Gutenberg Blocks Affected: 0 , ≤ 2.18.0 (semver)
    Create a notification for this product.
    Credits
    D.Sim
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8566",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-30T15:23:35.919355Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-30T15:23:43.697Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GutenBee \u2013 Gutenberg Blocks",
              "vendor": "cssigniterteam",
              "versions": [
                {
                  "lessThanOrEqual": "2.18.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "D.Sim"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The GutenBee \u2013 Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via parameters in the CountUp and Google Maps Blocks in all versions up to, and including, 2.18.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:35:45.775Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0f99e32b-3985-4c50-817e-f54245e8b9c1?source=cve"
            },
            {
              "url": "https://wordpress.org/plugins/gutenbee/"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3369525%40gutenbee%2Ftrunk\u0026old=3281877%40gutenbee%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-25T13:54:06.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2025-09-29T15:28:37.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "GutenBee \u2013 Gutenberg Blocks \u003c= 2.18.0 - Authenticated (Contributor+) Stored Cross-Site Scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-8566",
        "datePublished": "2025-09-30T03:35:24.160Z",
        "dateReserved": "2025-08-04T20:52:02.906Z",
        "dateUpdated": "2026-04-08T16:35:45.775Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9227 (GCVE-0-2026-9227)

    Vulnerability from cvelistv5 – Published: 2026-05-28 06:45 – Updated: 2026-05-28 10:35
    VLAI
    Title
    GutenBee <= 2.20.1 - Authenticated (Author+) Arbitrary File Upload via wp_check_filetype_and_ext Filter
    Summary
    The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbee_file_and_ext_json function. This is due to a flawed strpos() substring check that only verifies whether the filename contains the string '.json' rather than confirming the filename ends with a .json extension, allowing double-extension filenames like shell.json.php to bypass validation. This makes it possible for authenticated attackers, with author-level access and above, to upload files that may be executable, which makes remote code execution possible.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    cssigniterteam GutenBee – Gutenberg Blocks Affected: 0 , ≤ 2.20.1 (semver)
    Create a notification for this product.
    Credits
    Athiwat Tiprasaharn
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9227",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-28T10:27:37.477965Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-28T10:35:06.797Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GutenBee \u2013 Gutenberg Blocks",
              "vendor": "cssigniterteam",
              "versions": [
                {
                  "lessThanOrEqual": "2.20.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Athiwat Tiprasaharn"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The GutenBee \u2013 Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbee_file_and_ext_json function. This is due to a flawed strpos() substring check that only verifies whether the filename contains the string \u0027.json\u0027 rather than confirming the filename ends with a .json extension, allowing double-extension filenames like shell.json.php to bypass validation. This makes it possible for authenticated attackers, with author-level access and above, to upload files that may be executable, which makes remote code execution possible."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-28T06:45:39.874Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d20e8c9-975d-4e8c-8bea-50935853c7d4?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/gutenbee/tags/2.20.1/gutenbee.php#L571"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/gutenbee/tags/2.20.1/gutenbee.php#L570"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/gutenbee/tags/2.20.1/gutenbee.php#L579"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/gutenbee/tags/2.20.0/gutenbee.php#L571"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/gutenbee/tags/2.20.0/gutenbee.php#L570"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/gutenbee/tags/2.20.0/gutenbee.php#L579"
            },
            {
              "url": "https://github.com/cssigniter/gutenbee/commit/bde934cdecf67a4de1d6548cc1fc6c59bc6690e5"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3543574%40gutenbee\u0026new=3543574%40gutenbee\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-21T18:47:37.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-05-27T18:02:02.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "GutenBee \u003c= 2.20.1 - Authenticated (Author+) Arbitrary File Upload via wp_check_filetype_and_ext Filter"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-9227",
        "datePublished": "2026-05-28T06:45:39.874Z",
        "dateReserved": "2026-05-21T18:32:17.661Z",
        "dateUpdated": "2026-05-28T10:35:06.797Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8566 (GCVE-0-2025-8566)

    Vulnerability from cvelistv5 – Published: 2025-09-30 03:35 – Updated: 2026-04-08 16:35
    VLAI
    Title
    GutenBee – Gutenberg Blocks <= 2.18.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
    Summary
    The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via parameters in the CountUp and Google Maps Blocks in all versions up to, and including, 2.18.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    cssigniterteam GutenBee – Gutenberg Blocks Affected: 0 , ≤ 2.18.0 (semver)
    Create a notification for this product.
    Credits
    D.Sim
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8566",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-30T15:23:35.919355Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-30T15:23:43.697Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GutenBee \u2013 Gutenberg Blocks",
              "vendor": "cssigniterteam",
              "versions": [
                {
                  "lessThanOrEqual": "2.18.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "D.Sim"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The GutenBee \u2013 Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via parameters in the CountUp and Google Maps Blocks in all versions up to, and including, 2.18.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:35:45.775Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0f99e32b-3985-4c50-817e-f54245e8b9c1?source=cve"
            },
            {
              "url": "https://wordpress.org/plugins/gutenbee/"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3369525%40gutenbee%2Ftrunk\u0026old=3281877%40gutenbee%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-25T13:54:06.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2025-09-29T15:28:37.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "GutenBee \u2013 Gutenberg Blocks \u003c= 2.18.0 - Authenticated (Contributor+) Stored Cross-Site Scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-8566",
        "datePublished": "2025-09-30T03:35:24.160Z",
        "dateReserved": "2025-08-04T20:52:02.906Z",
        "dateUpdated": "2026-04-08T16:35:45.775Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }