Server-Side Request Forgery Vulnerability in Gutenberg Essential Blocks for WordPress
CVE-2025-11361

6.4MEDIUM

Key Information:

Vendor: WordPress
Status: Gutenberg Essential Blocks – Page Builder For Gutenberg Blocks & Patterns
Vendor: CVE Published:; 18 October 2025

What is CVE-2025-11361?

The Gutenberg Essential Blocks plugin for WordPress contains a vulnerability that allows authenticated users with Author-level access and higher to execute unauthorized web requests to arbitrary locations through the eb_save_ai_generated_image function. This flaw opens the door for attackers to interact with and potentially alter information held by internal services, making it critical to address this issue in all affected versions up to and including 5.7.1.

Affected Version(s)

Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns * <= 5.7.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/essential-bloc...

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 18, 2025
Vulnerability Reserved
Oct 6, 2025

Credit

Dmitrii Ignatyev

JSON