📦

gutenberg

Vendor: wordpress

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 1 Total Indexed

Avg. EPSS 0.28% Exploit Prob.

Latest CVE CVE-2024-13284 Jan 09

Security Vulnerability Index

Page 1 / 1

8.8 CVSS

CVE-2024-13284

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Gutenberg allows Cross Site Request Forgery.This issue affects Gutenberg: from 0.0.0 before 2.13.0, from 3.0.0 before 3.0.5.

EPSS: 0.22%

Severity: HIGH

Jan 09, 2025

6.5 CVSS

CVE-2023-38000

Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin <= 16.8.0 versions.

EPSS: 0.35%

Severity: MEDIUM

Oct 13, 2023

3.0 CVSS

CVE-2022-33994

The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the "Insert from URL" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous attempts by low-privileged users to reference SVG documents are blocked by some similar products, and this behavioral difference might have security relevance to some WordPress site administrators.

EPSS: 0.29%

Severity: LOW

Jul 30, 2022

Displaying 3 of 1 Total Entries

Total 1 Sections