CVE-2026-1395

Name of the Vulnerable Software and Affected Versions Gutentools versions prior to 1.1.4

Description The Gutentools plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because of insufficient input sanitization and output escaping, combined with a custom unescaping routine that reintroduces dangerous characters. Authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts via the block id attribute of the Post Slider block, which execute when a user visits the affected page.

Recommendations Update to a version newer than 1.1.3.