Arbitrary File Upload Vulnerability in GutenBee Plugin for WordPress
CVE-2026-9227

8.8HIGH

Key Information:

Vendor: WordPress
Status: Gutenbee – Gutenberg Blocks
Vendor: CVE Published:; 28 May 2026

What is CVE-2026-9227?

The GutenBee – Gutenberg Blocks plugin for WordPress contains a vulnerability that allows authenticated attackers with author-level access or higher to upload arbitrary files. This security flaw arises from an inadequate substring check within the gutenbee_file_and_ext_json function. Instead of ensuring that the file names conclude with the .json extension, the check merely looks for the presence of '.json' within the filename. This oversight permits the use of double-extension filenames, such as shell.json.php, effectively bypassing validation protocols. Consequently, this vulnerability exposes sites to the risk of remote code execution, highlighting the critical need for secure file upload mechanisms.

Affected Version(s)

GutenBee – Gutenberg Blocks 0 <= 2.20.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/gutenbee/tags/...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2026
Vulnerability Reserved
May 21, 2026

Credit

Athiwat Tiprasaharn

CVE-2026-9227 Data

JSON