| CVE-2026-2951 | Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor <= 3.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gutentor Block HTML | gutentor | Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor | Medium | 5.4 | 2026-04-23 02:25:21 | Deep Dive |
| CVE-2026-6703 | Responsive Blocks <= 2.2.1 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via AJAX Actions | cyberchimps | Responsive Blocks – Page Builder for Blocks & Patterns | Medium | 4.3 | 2026-04-21 06:43:59 | Deep Dive |
| CVE-2026-6675 | Responsive Blocks <= 2.2.0 - Unauthenticated Open Email Relay via REST API 'email_to' Parameter | cyberchimps | Responsive Blocks – Page Builder for Blocks & Patterns | Medium | 5.3 | 2026-04-21 02:25:40 | Deep Dive |
| CVE-2026-4801 | Page Builder Gutenberg Blocks <= 3.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via External iCal Feed Data | godaddy | Page Builder Gutenberg Blocks – CoBlocks | Medium | 6.4 | 2026-04-18 03:37:04 | Deep Dive |
| CVE-2026-4895 | Greenshift <= 12.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via disablelazy Attribute | wpsoul | Greenshift – animation and page builder blocks | Medium | 6.4 | 2026-04-11 01:24:59 | Deep Dive |
| CVE-2026-3498 | BlockArt Blocks <= 2.2.15 - Authenticated (Author+) Stored Cross-Site Scripting via 'clientId' Block Attribute | wpblockart | BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library | Medium | 6.4 | 2026-04-11 01:24:59 | Deep Dive |
| CVE-2026-2826 | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor <= 3.6.3 - Missing Authorization to Authenticated (Contributor+) Media Upload | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 4.3 | 2026-04-04 08:25:20 | Deep Dive |
| CVE-2026-2371 | Greenshift <= 12.8.3 - Missing Authorization to Unauthenticated Private Reusable Block Disclosure via 'gspb_el_reusable_load' | wpsoul | Greenshift – animation and page builder blocks | Medium | 5.3 | 2026-03-06 23:22:59 | Deep Dive |
| CVE-2026-2589 | Greenshift – animation and page builder blocks <= 12.8.3 - Unauthenticated Sensitive Information Exposure via Settings Backup | wpsoul | Greenshift – animation and page builder blocks | Medium | 5.3 | 2026-03-05 23:21:31 | Deep Dive |
| CVE-2026-2593 | Greenshift – animation and page builder blocks <= 12.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpsoul | Greenshift – animation and page builder blocks | Medium | 6.4 | 2026-03-05 21:24:07 | Deep Dive |
| CVE-2026-1614 | Rise Blocks – A Complete Gutenberg Page Builder <= 3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Identity Block Attributes | eaglethemes | Rise Blocks – A Complete Gutenberg Page Builder | Medium | 6.4 | 2026-02-25 06:54:52 | Deep Dive |
| CVE-2025-69390 | WordPress Business Template Blocks for WPBakery (Visual Composer) Page Builder plugin <= 1.3.2 - Reflected Cross Site Scripting (XSS) vulnerability | themebon | Business Template Blocks for WPBakery (Visual Composer) Page Builder | - | - | 2026-02-20 15:46:55 | Deep Dive |
| CVE-2026-2633 | Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 4.3 | 2026-02-18 06:42:43 | Deep Dive |
| CVE-2026-1857 | Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'endpoint' Parameter | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 4.3 | 2026-02-18 06:42:40 | Deep Dive |
| CVE-2026-2608 | Gutenberg Blocks by Kadence Blocks <= 3.5.32 - Missing Authorization | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 4.3 | 2026-02-17 11:20:37 | Deep Dive |
| CVE-2026-1927 | GreenShift - Animation and Page Builder Blocks <= 12.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure of AI API Keys and Stored Cross-Site Scripting via custom_css | wpsoul | Greenshift – animation and page builder blocks | Medium | 5.4 | 2026-02-05 13:27:38 | Deep Dive |
| CVE-2025-14283 | BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library <= 2.2.14 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpblockart | BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library | Medium | 6.4 | 2026-01-28 11:23:41 | Deep Dive |
| CVE-2025-11369 | Essential Blocks <= 5.7.2 - Missing Authorization To Authenticated (Author+) Information Disclosure | wpdevteam | Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns | Medium | 4.3 | 2025-12-17 01:48:52 | Deep Dive |
| CVE-2025-14119 | App Landing Template Blocks for WPBakery Page Builder <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | themebon | App Landing Template Blocks for WPBakery (Visual Composer) Page Builder | Medium | 6.4 | 2025-12-12 03:20:46 | Deep Dive |
| CVE-2025-13697 | BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library <= 2.2.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via `timestamp` Attribute | wpblockart | BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library | Medium | 6.4 | 2025-12-02 01:51:57 | Deep Dive |