Jegstudio

Gutenverse

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.4

CVE-2026-2924

  • EPSS 0.03%
  • Veröffentlicht 04.04.2026 02:26:20
  • Zuletzt bearbeitet 07.04.2026 13:20:55

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'imageLoad' parameter in versions up to, and including, 3.4.6 due to insufficient input sanitization and outpu...

6.4

CVE-2025-14984

  • EPSS 0.02%
  • Veröffentlicht 08.01.2026 09:20:52
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Gutenverse Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and including, 2.3.2. This is due to the plugin's framework component adding SVG to the allowed MIME types via the upload...

5.3

CVE-2025-66065

  • EPSS 0.05%
  • Veröffentlicht 21.11.2025 12:29:55
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Missing Authorization vulnerability in Jegstudio Gutenverse gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse: from n/a through <= 3.2.1.

6.4

CVE-2025-7727

  • EPSS 0.04%
  • Veröffentlicht 06.08.2025 06:38:39
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Gutenverse plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text and Fun Fact blocks in all versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping on user supplie...

5.4

CVE-2025-2893

  • EPSS 0.16%
  • Veröffentlicht 29.04.2025 06:37:46
  • Zuletzt bearbeitet 06.05.2025 14:13:38

The Gutenverse – Ultimate Block Addons and Page Builder for Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's countdown Block in all versions up to, and including, 2.2.1 due to insufficient input sanitizat...

5.3

CVE-2023-35875

  • EPSS 0.17%
  • Veröffentlicht 13.12.2024 15:15:16
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Missing Authorization vulnerability in Jegstudio Gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse: from n/a through 1.8.5.

5.4

CVE-2024-43920

  • EPSS 0.29%
  • Veröffentlicht 29.08.2024 19:15:08
  • Zuletzt bearbeitet 04.09.2024 14:06:43

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jegstudio Gutenverse allows Stored XSS.This issue affects Gutenverse: from n/a through 1.9.4.

5.4

CVE-2024-38785

  • EPSS 0.14%
  • Veröffentlicht 21.07.2024 21:15:02
  • Zuletzt bearbeitet 21.11.2024 09:26:49

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jegstudio Gutenverse allows Stored XSS.This issue affects Gutenverse: from n/a through 1.9.2.

6.1

CVE-2024-3692

Exploit
  • EPSS 0.18%
  • Veröffentlicht 03.05.2024 06:15:14
  • Zuletzt bearbeitet 08.05.2025 16:27:30

The Gutenverse WordPress plugin before 1.9.1 does not validate the htmlTag option in various of its block before outputting it back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Store...