PT-2026-36962 · WordPress · Gutenverse

Published: 2026-05-05 · Updated: 2026-05-05 · CVE-2026-2948

CVSS v3.1: 6.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem versions prior to 3.5.4

Description

Authenticated attackers with contributor-level access or above can perform Server-Side Request Forgery (SSRF), a flaw that lets a server be coerced into making requests to an unintended location. The issue is reachable through the import_images() function and lets attackers make web requests from the web application to arbitrary locations, which can be used to query or modify information from internal services.

Recommendations

Update to a version later than 3.5.3. As a temporary workaround, restrict access to the import_images() function to minimize the risk of exploitation.
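
A destination check of the kind that blocks this class of SSRF in a server-side image fetch, as an added example (not Gutenverse's code or its patch). The helper names example_is_public_image_url() and example_resolve_host(), the hostnames and the addresses are assumptions constructed for illustration.

```php
<?php
// Added example, not Gutenverse code. All names here are hypothetical.
// Resolve a hostname to its A/AAAA addresses (empty array on failure).
function example_resolve_host(string $host): array
{
    $ips = [];
    foreach (@dns_get_record($host, DNS_A | DNS_AAAA) ?: [] as $rec) {
        $ips[] = $rec['ip'] ?? $rec['ipv6'] ?? '';
    }
    return $ips;
}

// True only for http(s) URLs whose host resolves solely to public addresses.
function example_is_public_image_url(string $url, ?callable $resolver = null): bool
{
    $parts = parse_url($url);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false; // rejects file://, gopher://, ftp:// and similar
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false; // no embedded credentials in an image URL
    }
    $host = trim($parts['host'], '[]'); // parse_url keeps brackets on IPv6 literals
    $ips = filter_var($host, FILTER_VALIDATE_IP)
        ? [$host]
        : ($resolver ?? 'example_resolve_host')($host);
    if ($ips === []) {
        return false; // unresolvable, including odd numeric forms such as "2130706433"
    }
    foreach ($ips as $ip) {
        // Loopback, link-local (cloud metadata), RFC 1918 and ULA ranges all fail here.
        $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
            return false;
        }
    }
    return true;
}

// Constructed sample inputs; the stub resolver keeps the demo offline.
$dns = ['img.example.test' => ['93.184.216.34'], 'wiki.example.test' => ['10.0.0.5']];
$stub = fn(string $h): array => $dns[$h] ?? [];
foreach (['https://img.example.test/a.png', 'http://wiki.example.test/a.png',
          'http://169.254.169.254/latest/', 'http://[::1]/a.png', 'file:///etc/passwd'] as $u) {
    printf("%-34s %s\n", $u, example_is_public_image_url($u, $stub) ? 'allow' : 'block');
}
```

The check and the later fetch resolve DNS separately and redirects can point elsewhere, so the fetch should connect to the validated address and re-validate each redirect hop. Within WordPress, wp_safe_remote_get() applies a comparable destination check.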

Fix

SSRF


Weakness Enumeration

Related Identifiers

CVE-2026-2948

Affected Products

Gutenverse