Jegstudio

Gutenverse

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2026-54832

  • EPSS -
  • Veröffentlicht 26.06.2026 14:52:23
  • Zuletzt bearbeitet 26.06.2026 18:17:00

Unauthenticated Broken Access Control in Gutenverse Companion <= 2.5.0 versions.

6.1

CVE-2026-3001

  • EPSS 0.2%
  • Veröffentlicht 27.05.2026 07:45:54
  • Zuletzt bearbeitet 27.05.2026 14:50:47

The Gutenverse plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.4.6 due to insufficient input sanitization and output escaping. Specifically, the `render_content()` met...

6.4

CVE-2026-2948

  • EPSS 0.15%
  • Veröffentlicht 05.05.2026 03:37:37
  • Zuletzt bearbeitet 05.05.2026 19:08:20

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.5.3 via the import_images() function. This makes it possible for authenticated att...

6.4

CVE-2026-2868

  • EPSS 0.15%
  • Veröffentlicht 05.05.2026 02:26:57
  • Zuletzt bearbeitet 05.05.2026 19:09:32

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'separatorIconSVG' parameter in versions up to, and including, 3.5.3 due to insufficient input sanitization an...

6.4

CVE-2026-2924

  • EPSS 0.2%
  • Veröffentlicht 04.04.2026 02:26:20
  • Zuletzt bearbeitet 24.04.2026 18:13:28

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'imageLoad' parameter in versions up to, and including, 3.4.6 due to insufficient input sanitization and outpu...

6.4

CVE-2025-14984

  • EPSS 0.27%
  • Veröffentlicht 08.01.2026 09:20:52
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Gutenverse Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and including, 2.3.2. This is due to the plugin's framework component adding SVG to the allowed MIME types via the upload...

6.5

CVE-2025-66065

  • EPSS 0.21%
  • Veröffentlicht 21.11.2025 12:29:55
  • Zuletzt bearbeitet 27.04.2026 18:16:32

Missing Authorization vulnerability in Jegstudio Gutenverse gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse: from n/a through <= 3.2.1.

6.4

CVE-2025-7727

  • EPSS 0.27%
  • Veröffentlicht 06.08.2025 06:38:39
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Gutenverse plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text and Fun Fact blocks in all versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping on user supplie...

5.4

CVE-2025-2893

  • EPSS 0.22%
  • Veröffentlicht 29.04.2025 06:37:46
  • Zuletzt bearbeitet 06.05.2025 14:13:38

The Gutenverse – Ultimate Block Addons and Page Builder for Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's countdown Block in all versions up to, and including, 2.2.1 due to insufficient input sanitizat...

5.3

CVE-2023-35875

  • EPSS 0.55%
  • Veröffentlicht 13.12.2024 15:15:16
  • Zuletzt bearbeitet 28.04.2026 19:20:48

Missing Authorization vulnerability in Jegstudio Gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse: from n/a through 1.8.5.