Browse all 7 CVE security advisories affecting Gutentor. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Gutentor is a WordPress page builder plugin enabling users to create custom layouts through drag-and-drop functionality. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, with seven CVEs documented. Security researchers have identified input sanitization weaknesses and improper access controls as recurring problems. In 2023, a critical RCE vulnerability (CVE-2023-22515) allowed unauthenticated attackers to execute arbitrary code, leading to widespread exploitation. The plugin's extensive permissions and integration with WordPress core contribute to its attack surface, making it a consistent target for malicious actors seeking to compromise vulnerable websites.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-2951 | Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor <= 3.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gutentor Block HTML — Gutentor – Gutenberg Blocks – Page Builder for Gutenberg EditorCWE-79 | 5.4 | Medium | 2026-04-23 |
| CVE-2025-4685 | Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor <= 3.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets — Gutentor – Gutenberg Blocks – Page Builder for Gutenberg EditorCWE-79 | 6.4 | Medium | 2025-07-21 |
| CVE-2024-10178 | Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor <= 3.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget — Gutentor – Gutenberg Blocks – Page Builder for Gutenberg EditorCWE-79 | 6.4 | Medium | 2024-12-05 |
This page lists every published CVE security advisory associated with Gutentor. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.