Stored Cross-Site Scripting Vulnerability in Gutenberg Essential Blocks Plugin for WordPress
CVE-2026-10833

6.4MEDIUM

What is CVE-2026-10833?

The Gutenberg Essential Blocks plugin for WordPress is vulnerable to a stored cross-site scripting (XSS) issue. This vulnerability arises from inadequate input sanitization and output escaping within the 'configurablePrefix' Block Attribute, affecting all versions up to and including 6.1.4. Authenticated users with Contributor-level access or higher can exploit this flaw to insert arbitrary web scripts, leading to the execution of malicious scripts when targeted pages are accessed by unsuspecting users. This can compromise user data and site integrity, underscoring the importance of applying necessary updates and security measures.

Affected Version(s)

Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns 0 <= 6.1.4

References

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Viet Anh Ngo
.