Software Type: Plugin
Software Slug: gutenberg
Software Status: Active
Software Author: matveb
Software Website:
Software Downloads: 42,813,515
Software Active Installs: 300,000
Software Record Last Updated: July 25, 2024

5 Vulnerabilities

| Title | Status | CVE ID | CVSS | Researchers | Date |
| --- | --- | --- | --- | --- | --- |
| WordPress Core < 6.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Template Part Block | Patched | CVE-2024-31111 | 6.4 | Rafie Muhammad | June 24, 2024 |
| Gutenberg 12.9.0 - 18.0.0 - Unauthenticated & Authenticated (Contributor+) Stored Cross-Site Scripting via Avatar Block | Patched | | 6.4 | John Blackbourn, stealthcopter | April 9, 2024 |
| WordPress Core 5.9-6.3.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Navigation Attributes | Patched | CVE-2023-38000 | 6.4 | Rafie Muhammad, Edourard L | October 12, 2023 |
| WordPress Core < 6.0.3 & Gutenberg < 14.3.1 - Authenticated Cross-Site Scripting in Various Blocks | Patched | | 6.4 | Alex Concha | October 18, 2022 |
| WordPress Core < 5.9.2 & Gutenberg < 12.7.2 - Prototype Pollution via Block Editor | Patched | | 5.4 | Researchers from Johns Hopkins University | March 11, 2022 |

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.