Browse all 7 CVE security advisories affecting Gutentor. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Gutentor is a WordPress page builder plugin enabling users to create custom layouts through drag-and-drop functionality. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, with seven CVEs documented. Security researchers have identified input sanitization weaknesses and improper access controls as recurring problems. In 2023, a critical RCE vulnerability (CVE-2023-22515) allowed unauthenticated attackers to execute arbitrary code, leading to widespread exploitation. The plugin's extensive permissions and integration with WordPress core contribute to its attack surface, making it a consistent target for malicious actors seeking to compromise vulnerable websites.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-58680 | WordPress Gutentor plugin <= 3.5.2 - Broken Access Control vulnerability — Gutentor (CWE-862) | 6.5 | Medium | 2025-09-22 |
| CVE-2025-58783 | WordPress Gutentor plugin <= 3.5.5 - Broken Access Control vulnerability — Gutentor (CWE-862) | 4.3 | Medium | 2025-09-05 |
| CVE-2025-22293 | WordPress Gutentor plugin <= 3.4.3 - Cross Site Scripting (XSS) vulnerability — Gutentor (CWE-79) | 6.5 | Medium | 2025-01-07 |

This page lists every published CVE security advisory associated with Gutentor. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.