Gutenberg essential blocks – page builder for gutenberg blocks & patterns

This hub aggregates every CVE we track for Gutenberg essential blocks – page builder for gutenberg blocks & patterns, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Gutenberg essential blocks – page builder for gutenberg blocks & patterns.

• CVE-2026-10586Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns <= 6.1.3 - Authenticated (Author+) Server-Side Request Forgery7.2Jun 4, 2026
• CVE-2026-4658Gutenberg Essential Blocks <= 6.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes6.4May 2, 2026
• CVE-2025-11369Essential Blocks <= 5.7.2 - Missing Authorization To Authenticated (Author+) Information Disclosure4.3Dec 17, 2025
• CVE-2025-11270Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns <= 5.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting6.4Oct 18, 2025
• CVE-2025-11361Essential Blocks <= 5.7.1 - Authenticated (Author+) Server-Side Request Forgery6.4Oct 18, 2025
• CVE-2025-4682Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Slider and Post Carousel Widgets6.4May 27, 2025
• CVE-2025-1664Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting6.4Mar 8, 2025
• CVE-2024-13803Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting6.4Feb 26, 2025
• CVE-2024-12045Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting4.4Jan 8, 2025
• CVE-2024-4891Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.12 - Authenticated (Contributor+) Stored Cross-Site Scripting6.4May 18, 2024
• CVE-2024-3818Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.9 - Authenticated (Contributor+) DOM-Based Cross-Site Scripting via "Social Icons" Block5.4Apr 19, 2024
• CVE-2024-2255Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting6.4Mar 20, 2024
• CVE-2024-1854Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting6.4Mar 13, 2024
• CVE-2023-7071Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting6.4Jan 11, 2024
• CVE-2023-4386Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via queries8.1Oct 20, 2023