CVE-2026-0950
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Description
The Spectra Gutenberg Blocks - Website Builder for the Block Editor plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.19.17. This is due to the plugin failing to check `post_password_required()` before rendering post excerpts in the `render_excerpt()` function and the `uagb_get_excerpt()` helper function. This makes it possible for unauthenticated attackers to read excerpts of password-protected posts by simply viewing any page that contains a Spectra Post Grid, Post Masonry, Post Carousel, or Post Timeline block.
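The missing check described above, as an added PHP example that is not Spectra's source code. The `example_*` function names are hypothetical, the direct read of `post_excerpt`/`post_content` is an assumed pattern for how a listing block can bypass the password gate, and the code is meant to be loaded inside WordPress.

```php
<?php
// Added illustration, not the plugin's code. example_* names are hypothetical.
// Assumes a WordPress runtime (get_post(), post_password_required(), etc.).

// Leaky pattern: the excerpt is built straight from the post object,
// so the password set on the post is never consulted.
function example_excerpt_unchecked( $post_id, $length = 25 ) {
	$post = get_post( $post_id );
	if ( ! $post ) {
		return '';
	}
	$text = '' !== $post->post_excerpt ? $post->post_excerpt : $post->post_content;
	return wp_trim_words( wp_strip_all_tags( strip_shortcodes( $text ) ), $length );
}

// Hardened form: emit no excerpt text while post_password_required()
// reports that the visitor has not yet supplied the post password.
function example_excerpt_checked( $post_id, $length = 25 ) {
	$post = get_post( $post_id );
	if ( ! $post || post_password_required( $post ) ) {
		return '';
	}
	$text = '' !== $post->post_excerpt ? $post->post_excerpt : $post->post_content;
	return wp_trim_words( wp_strip_all_tags( strip_shortcodes( $text ) ), $length );
}

// Listing renderer in the style of a post grid: every card goes through
// the checked helper, so protected posts show a title but no body text.
function example_render_post_list( array $query_args ) {
	$query = new WP_Query( $query_args );
	$html  = '';
	foreach ( $query->posts as $post ) {
		$html .= sprintf(
			'<article><h3>%s</h3><p>%s</p></article>',
			esc_html( get_the_title( $post ) ),
			esc_html( example_excerpt_checked( $post->ID ) )
		);
	}
	return $html;
}
```

The check belongs in the helper that produces the excerpt rather than in each block's template, so every listing block that calls it inherits the gate.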
Analysis
Spectra Gutenberg Blocks plugin for WordPress fails to properly check password protection before displaying post excerpts, allowing unauthenticated attackers to read excerpts from password-protected posts through Post Grid, Post Masonry, Post Carousel, and Post Timeline blocks. The vulnerability affects all versions up to 2.19.17 and requires no authentication or user interaction to exploit. …
Remediation
Within 30 days: Identify affected systems running the Spectra Gutenberg Blocks plugin for WordPress (all versions up to, and including, 2.19.17) and apply vendor patches as part of the regular patch cycle. Review data exposure and access controls.