CVE-2026-2951

Name of the Vulnerable Software and Affected Versions Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor versions prior to 3.5.6

Description The plugin is subject to Stored Cross-Site Scripting, a flaw where malicious scripts are permanently stored on the target server. This occurs due to insufficient input sanitization and output escaping, allowing authenticated attackers with contributor-level access and above to inject arbitrary web scripts into pages. These scripts execute whenever a user visits the affected page.

Recommendations Update to a version newer than 3.5.5.