Where should operators start on this Plugin hub?

Start with the priority CVE quick links, then open the full report for affected versions, remediation notes, CVSS vectors, and source references.

Plugin Vulnerability Hub

Plugin 26 known issues Latest disclosed Dec 16, 2025

Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns Vulnerabilities

Q: How many Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns vulnerabilities have patch guidance?

26 of 26 tracked Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns records include a published patch path.

Review known vulnerability records for the WordPress plugin Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns (`essential-blocks`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-11369, CVE-2025-11361 and CVE-2025-11270, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed

Known Records

High or Critical

Patch Coverage

100%

Last Updated

Feb 11, 2026

Priority CVE Quick Links

Fast paths into Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs

CVE-2023-6623 Critical 4.4.3

CVE-2023-6623 Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns Local File Inclusion

Essential Blocks <= 4.4.2 - Unauthenticated Local File Inclusion

CVE-2025-11361 Medium 5.7.2

CVE-2025-11361 Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns Server-Side Request Forgery

Essential Blocks <= 5.7.1 - Authenticated (Author+) Server-Side Request Forgery

CVE-2025-11270 Medium 5.7.2

CVE-2025-11270 Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns Stored Cross-Site Scripting

Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns <= 5.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2025-4682 Medium 5.4.1

CVE-2025-4682 Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns Stored Cross-Site Scripting

Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Slider and Post Carousel Widgets

CVE-2025-1664 Medium 5.3.2

CVE-2025-1664 Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns Stored Cross-Site Scripting

Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-13803 Medium 5.3.0

CVE-2024-13803 Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns Stored Cross-Site Scripting

Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-47385 Medium 4.9.0

CVE-2024-47385 Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns Stored Cross-Site Scripting

Essential Blocks for Gutenberg <= 4.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-5595 Medium 4.7.0

CVE-2024-5595 Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns Stored Cross-Site Scripting

Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility

26 records include a published patch path, leaving 0 with no listed safe release yet.

Severity Mix

1 critical and 0 high severity findings.

Recent CVEs

CVE-2025-11369, CVE-2025-11361 and CVE-2025-11270

Reference Workflow

Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

CVE-2025-11369 Medium Patch path listed

CVE-2025-11369: Essential Blocks <= 5.7.2 - Missing Authorization To Authenticated (Author+) Information Disclosure

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access of data due to a missing or incorrect capability check...

Published

Dec 16, 2025

Patch Status

5.7.3

Open CVE-2025-11369 Report

CVE-2025-11361 Medium Patch path listed

CVE-2025-11361: Essential Blocks <= 5.7.1 - Authenticated (Author+) Server-Side Request Forgery

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.7.1 vi...

Published

Oct 17, 2025

Patch Status

5.7.2

Open CVE-2025-11361 Report

CVE-2025-11270 Medium Patch path listed

CVE-2025-11270: Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns <= 5.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute in all versions u...

Published

Oct 17, 2025

Patch Status

5.7.2

Open CVE-2025-11270 Report

Known Vulnerabilities

Reports for Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2025-11369

CVE-2025-11369: Essential Blocks <= 5.7.2 - Missing Authorization To Authenticated (Author+) Information Disclosure

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access of data due to a missing or incorrect capability checks on the get_instagram_access_token_callback, google_map_api_key_save_callback and get_sit...

Published

Dec 16, 2025

Patched Release

5.7.3

Affected Versions

Versions up to 5.7.2

Next Step

Update to 5.7.3 or newer if supported.

Open CVE-2025-11369 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-11361

CVE-2025-11361: Essential Blocks <= 5.7.1 - Authenticated (Author+) Server-Side Request Forgery

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.7.1 via the eb_save_ai_generated_image function. This makes it possible for authenticated attack...

Published

Oct 17, 2025

Patched Release

5.7.2

Affected Versions

Versions up to 5.7.1

Next Step

Update to 5.7.2 or newer if supported.

Open CVE-2025-11361 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-11270

CVE-2025-11270: Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns <= 5.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute in all versions up to, and including, 5.7.1 due to insufficient input sanitization and output escaping. Thi...

Published

Oct 17, 2025

Patched Release

5.7.2

Affected Versions

Versions up to 5.7.1

Next Step

Update to 5.7.2 or newer if supported.

Open CVE-2025-11270 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-4682

CVE-2025-4682: Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Slider and Post Carousel Widgets

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML attributes in Slider and Post Carousel widgets in all versions up to, and including, 5.4.0 due to insufficient input sanitization...

Published

May 26, 2025

Patched Release

5.4.1

Affected Versions

Versions up to 5.4.0

Next Step

Update to 5.4.1 or newer if supported.

Open CVE-2025-4682 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-1664

CVE-2025-1664: Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Parallax slider in all versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes...

Published

Mar 07, 2025

Patched Release

5.3.2

Affected Versions

Versions up to 5.3.1

Next Step

Update to 5.3.2 or newer if supported.

Open CVE-2025-1664 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-13803

CVE-2024-13803: Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-marker’ parameter in all versions up to, and including, 5.2.3 due to insufficient input sanitization and output escaping. Thi...

Published

Feb 25, 2025

Patched Release

5.3.0

Affected Versions

Versions up to 5.2.3

Next Step

Update to 5.3.0 or newer if supported.

Open CVE-2024-13803 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-26871

CVE-2025-26871: Essential Blocks for Gutenberg <= 4.8.3 - Missing Authorization

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 4.8.3. This makes it possible for authenticated attackers, wi...

Published

Feb 22, 2025

Patched Release

4.8.4

Affected Versions

Versions up to 4.8.3

Next Step

Update to 4.8.4 or newer if supported.

Open CVE-2025-26871 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-12045

CVE-2024-12045: Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the maker title value of the Google Maps block in all versions up to, and including, 5.0.9 due to insufficient input sanitization and o...

Published

Jan 07, 2025

Patched Release

5.1.1

Affected Versions

Versions up to 5.1.0

Next Step

Update to 5.1.1 or newer if supported.

Open CVE-2024-12045 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-47385

CVE-2024-47385: Essential Blocks for Gutenberg <= 4.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Essential Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acce...

Published

Sep 30, 2024

Patched Release

4.9.0

Affected Versions

Versions up to 4.8.4

Next Step

Update to 4.9.0 or newer if supported.

Open CVE-2024-47385 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-5595

CVE-2024-5595: Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'post-carousel' block in all versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping on use...

Published

Jul 12, 2024

Patched Release

4.7.0

Affected Versions

Versions up to 4.6.1

Next Step

Update to 4.7.0 or newer if supported.

Open CVE-2024-5595 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-4891

CVE-2024-4891: Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.12 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 4.5.12 due to insufficient input sanitization and output escaping. This makes...

Published

May 16, 2024

Patched Release

4.5.13

Affected Versions

Versions up to 4.5.12

Next Step

Update to 4.5.13 or newer if supported.

Open CVE-2024-4891 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-3818

CVE-2024-3818: Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.9 - Authenticated (Contributor+) DOM-Based Cross-Site Scripting via "Social Icons" Block

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "Social Icons" block in all versions up to, and including, 4.5.9 due to insufficient input sanitization and output escapin...

Published

Apr 18, 2024

Patched Release

4.5.10

Affected Versions

Versions up to 4.5.9

Next Step

Update to 4.5.10 or newer if supported.

Open CVE-2024-3818 Report Open CVE Reference