VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 11 known issues Latest disclosed Sep 22, 2025

Getwid – Gutenberg Blocks Vulnerabilities

Review known vulnerability records for the WordPress plugin Getwid – Gutenberg Blocks (`getwid`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-58252, CVE-2024-10872 and CVE-2024-6491, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
11
High or Critical
1
Patch Coverage
100%
Last Updated
Oct 08, 2025
Priority CVE Quick Links

Fast paths into Getwid – Gutenberg Blocks CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
11
CVE-2023-1895 High 1.8.4
CVE-2023-1895 Getwid – Gutenberg Blocks Server-Side Request Forgery

Getwid – Gutenberg Blocks <= 1.8.3 - Authenticated(Subscriber+) Server Side Request Forgery

CVE-2024-10872 Medium 2.0.13
CVE-2024-10872 Getwid – Gutenberg Blocks Stored Cross-Site Scripting

Getwid – Gutenberg Blocks <= 2.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-3588 Medium 2.0.8
CVE-2024-3588 Getwid – Gutenberg Blocks Stored Cross-Site Scripting

Getwid – Gutenberg Blocks <= 2.0.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'Countdown'

CVE-2024-1948 Medium 2.0.6
CVE-2024-1948 Getwid – Gutenberg Blocks Stored Cross-Site Scripting

Getwid – Gutenberg Blocks <= 2.0.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Block Content

CVE-2024-6489 Medium 2.0.11
CVE-2024-6489 Getwid – Gutenberg Blocks Vulnerability

Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authorization to Google API key update

CVE-2023-6963 Medium 2.0.5
CVE-2023-6963 Getwid – Gutenberg Blocks Vulnerability

Getwid – Gutenberg Blocks <= 2.0.4 - Captcha Bypass

CVE-2023-6042 Medium 2.0.3
CVE-2023-6042 Getwid – Gutenberg Blocks Vulnerability

Getwid – Gutenberg Blocks <= 2.0.2 - Improper Input Validation to Arbitrary Email Sending to Admin

CVE-2025-58252 Medium 2.1.3
CVE-2025-58252 Getwid – Gutenberg Blocks Sensitive Information Exposure

Getwid <= 2.1.2 - Authenticated (Contributor+) Sensitive Information Exposure

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Getwid – Gutenberg Blocks so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
11 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 1 high severity finding.
Recent CVEs
CVE-2025-58252, CVE-2024-10872 and CVE-2024-6491
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Getwid – Gutenberg Blocks

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2025-58252
CVE-2025-58252: Getwid <= 2.1.2 - Authenticated (Contributor+) Sensitive Information Exposure

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive user or configuration...

Published
Sep 22, 2025
Patched Release
2.1.3
Affected Versions
Versions up to 2.1.2
Next Step
Update to 2.1.3 or newer if supported.
Open CVE-2025-58252 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-10872
CVE-2024-10872: Getwid – Gutenberg Blocks <= 2.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `template-post-custom-field` block in all versions up to, and including, 2.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authentic...

Published
Nov 19, 2024
Patched Release
2.0.13
Affected Versions
Versions up to 2.0.12
Next Step
Update to 2.0.13 or newer if supported.
Open CVE-2024-10872 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-6491
CVE-2024-6491: Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authentication to MailChimp API key update

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mailchimp_api_key_manage function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with...

Published
Jul 19, 2024
Patched Release
2.0.11
Affected Versions
Versions up to 2.0.10
Next Step
Update to 2.0.11 or newer if supported.
Open CVE-2024-6491 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-6489
CVE-2024-6489: Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authorization to Google API key update

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_google_api_key function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contri...

Published
Jul 19, 2024
Patched Release
2.0.11
Affected Versions
Versions up to 2.0.10
Next Step
Update to 2.0.11 or newer if supported.
Open CVE-2024-6489 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-3588
CVE-2024-3588: Getwid – Gutenberg Blocks <= 2.0.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'Countdown'

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown block in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possi...

Published
Apr 26, 2024
Patched Release
2.0.8
Affected Versions
Versions up to 2.0.7
Next Step
Update to 2.0.8 or newer if supported.
Open CVE-2024-3588 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-1948
CVE-2024-1948: Getwid – Gutenberg Blocks <= 2.0.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Block Content

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with c...

Published
Mar 21, 2024
Patched Release
2.0.6
Affected Versions
Versions up to 2.0.5
Next Step
Update to 2.0.6 or newer if supported.
Open CVE-2024-1948 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-6959
CVE-2023-6959: Getwid – Gutenberg Blocks <= 2.0.4 - Missing Authorization to Recaptcha API Key Modification

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the recaptcha_api_key_manage function in all versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with s...

Published
Jan 17, 2024
Patched Release
2.0.5
Affected Versions
Versions up to 2.0.4
Next Step
Update to 2.0.5 or newer if supported.
Open CVE-2023-6959 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-6963
CVE-2023-6963: Getwid – Gutenberg Blocks <= 2.0.4 - Captcha Bypass

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to bypass the Captcha Verification of the Contact Form block by omitting 'g-recaptcha-response' from th...

Published
Jan 17, 2024
Patched Release
2.0.5
Affected Versions
Versions up to 2.0.4
Next Step
Update to 2.0.5 or newer if supported.
Open CVE-2023-6963 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-6042
CVE-2023-6042: Getwid – Gutenberg Blocks <= 2.0.2 - Improper Input Validation to Arbitrary Email Sending to Admin

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized arbitrary email sending due to insufficient limitations on the content of emails sent in all versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to send emails...

Published
Dec 15, 2023
Patched Release
2.0.3
Affected Versions
Versions up to 2.0.2
Next Step
Update to 2.0.3 or newer if supported.
Open CVE-2023-6042 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-1910
CVE-2023-1910: Getwid – Gutenberg Blocks <= 1.8.3 - Improper Authorization via get_remote_templates REST endpoint

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the get_remote_templates function in versions up to, and including, 1.8.3. This makes it possible for authenticated attackers with subs...

Published
Jun 06, 2023
Patched Release
1.8.4
Affected Versions
Versions up to 1.8.3
Next Step
Update to 1.8.4 or newer if supported.
Open CVE-2023-1910 Report Open CVE Reference
Plugin High Patched: Yes CVE-2023-1895
CVE-2023-1895: Getwid – Gutenberg Blocks <= 1.8.3 - Authenticated(Subscriber+) Server Side Request Forgery

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the get_remote_content REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions or above to make web requ...

Published
Jun 06, 2023
Patched Release
1.8.4
Affected Versions
Versions up to 1.8.3
Next Step
Update to 1.8.4 or newer if supported.
Open CVE-2023-1895 Report Open CVE Reference