Skip to main content

Gutenverse Wordpress Blocks Page Builder Site Editor

1 CVEs product

Monthly

CVE-2026-12399 MEDIUM This Month

Stored Cross-Site Scripting in the Gutenverse WordPress Blocks, Page Builder & Site Editor plugin (all versions through 3.8.0) enables authenticated editor-level users to persist arbitrary JavaScript into pages served to any site visitor. The vulnerability is constrained to WordPress multi-site installations or single-site deployments where unfiltered_html has been explicitly disabled. No public exploit has been identified at time of analysis, and a upstream fix commit (changeset 3578328) has been published to the WordPress plugin repository.

WordPress XSS Gutenverse Wordpress Blocks Page Builder Site Editor
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
EPSS 0% CVSS 4.4
MEDIUM This Month

Stored Cross-Site Scripting in the Gutenverse WordPress Blocks, Page Builder & Site Editor plugin (all versions through 3.8.0) enables authenticated editor-level users to persist arbitrary JavaScript into pages served to any site visitor. The vulnerability is constrained to WordPress multi-site installations or single-site deployments where unfiltered_html has been explicitly disabled. No public exploit has been identified at time of analysis, and a upstream fix commit (changeset 3578328) has been published to the WordPress plugin repository.

WordPress XSS Gutenverse Wordpress Blocks Page Builder Site Editor
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy