Stored Cross-Site Scripting Vulnerability in Gutenberg Essential Blocks Plugin for WordPress
CVE-2026-10833
6.4MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 25 June 2026
What is CVE-2026-10833?
The Gutenberg Essential Blocks plugin for WordPress is vulnerable to a stored cross-site scripting (XSS) issue. This vulnerability arises from inadequate input sanitization and output escaping within the 'configurablePrefix' Block Attribute, affecting all versions up to and including 6.1.4. Authenticated users with Contributor-level access or higher can exploit this flaw to insert arbitrary web scripts, leading to the execution of malicious scripts when targeted pages are accessed by unsuspecting users. This can compromise user data and site integrity, underscoring the importance of applying necessary updates and security measures.
Affected Version(s)
Gutenberg Essential Blocks β Page Builder for Gutenberg Blocks & Patterns 0 <= 6.1.4