WordPress/gutenberg

WordPress/gutenberg

Releases24.7K

Frequency7 hours 28 minutes

Last Release about 5 hours ago

Stars11.7K

The Block Editor project for WordPress and beyond. Plugin is available from the official repository.

Log in to subscribe

CVE History

CVE	Affected	Published	CVSS v3	CVSS v2
CVE-2024-13284NVD↗	< 2.13.0, >= 3.0.0, < 3.0.5	Jan 9, 2025Thursday, 9 January 2025, 20:15	8.8 HIGH	—
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Gutenberg allows Cross Site Request Forgery.This issue affects Gutenberg: from 0.0.0 before 2.13.0, from 3.0.0 before 3.0.5.
CVE-2023-38000NVD↗	<= 16.8.0	Oct 13, 2023Friday, 13 October 2023, 10:15	6.5 MEDIUM	—
Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin <= 16.8.0 versions.
CVE-2022-33994NVD↗	<= 13.7.3	Jul 30, 2022Saturday, 30 July 2022, 20:15	3 LOW	—
The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the "Insert from URL" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous attempts by low-privileged users to reference SVG documents are blocked by some similar products, and this behavioral difference might have security relevance to some WordPress site administrators.