Plugin Vulnerability Hub
Plugin | 28 known issues | Latest disclosed May 29, 2026

Spectra Gutenberg Blocks – Website Builder for the Block Editor Vulnerabilities

Review known vulnerability records for the WordPress plugin Spectra Gutenberg Blocks – Website Builder for the Block Editor (`ultimate-addons-for-gutenberg`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-7465, CVE-2026-42648 and CVE-2026-0950, so operators can jump from disclosure to patch validation without scanning the full feed first.

Known Records: 28
High or Critical: 2
Patch Coverage: 100%
Last Updated: May 29, 2026

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Spectra Gutenberg Blocks – Website Builder for the Block Editor so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility: 28 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix: 0 critical and 2 high severity findings.
Recent CVEs: CVE-2026-7465, CVE-2026-42648 and CVE-2026-0950
Reference Workflow: Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Known Vulnerabilities

Reports for Spectra Gutenberg Blocks – Website Builder for the Block Editor

Sorted by latest disclosure date so newly published issues surface first.

Plugin | Severity: High | Patched: Yes | CVE-2026-7465
Spectra Gutenberg Blocks <= 2.19.25 - Authenticated (Contributor+) Remote Code Execution via Arbitrary PHP Function Call via Block Attributes

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.19.25. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute c...

Published: May 29, 2026
Patched Release: 2.19.26
Affected Versions: Versions up to 2.19.25
Next Step: Update to 2.19.26 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2026-42648
Spectra <= 2.19.22 - Missing Authorization

The Spectra plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.19.22. This makes it possible for authenticated attackers, with contributor-level access and above, to perform an unauthorized...

Published: Mar 27, 2026
Patched Release: 2.19.23
Affected Versions: Versions up to 2.19.22
Next Step: Update to 2.19.23 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2026-0950
Spectra Gutenberg Blocks <= 2.19.17 - Unauthenticated Information Disclosure in Sensitive Data

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.19.17. This is due to the plugin failing to check `post_password_required()` before rendering post excerpts in...

Published: Feb 02, 2026
Patched Release: 2.19.18
Affected Versions: Versions up to 2.19.17
Next Step: Update to 2.19.18 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2026-24982
Spectra <= 2.19.17 - Missing Authorization

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.19.17. This makes it possible for unauthenticated attackers to per...

Published: Jan 17, 2026
Patched Release: 2.19.18
Affected Versions: Versions up to 2.19.17
Next Step: Update to 2.19.18 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2025-11162
Spectra <= 2.19.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom CSS

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS in all versions up to, and including, 2.19.14 due to insufficient input sanitization and output escaping. This makes it possibl...

Published: Nov 04, 2025
Patched Release: 2.19.15
Affected Versions: Versions up to 2.19.14
Next Step: Update to 2.19.15 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2025-1784
Spectra – WordPress Gutenberg Blocks <= 2.19.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the uagb block in all versions up to, and including, 2.19.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

Published: Mar 25, 2025
Patched Release: 2.19.1
Affected Versions: Versions up to 2.19.0
Next Step: Update to 2.19.1 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-10484
Spectra – WordPress Gutenberg Blocks <= 2.16.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Widget

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Team' widget in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

Published: Dec 02, 2024
Patched Release: 2.16.3
Affected Versions: Versions up to 2.16.2
Next Step: Update to 2.16.3 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-7590
Spectra – WordPress Gutenberg Blocks <= 2.15.0 - Authenticated (Contributor+) Stored Cross-site Scripting

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the FAQ heading tag in all versions up to, and including, 2.15.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it po...

Published: Aug 07, 2024
Patched Release: 2.15.1
Affected Versions: Versions up to 2.15.0
Next Step: Update to 2.15.1 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-37517
Spectra <= 2.13.7 - Missing Authorization via generate_ai_content

The Spectra plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the generate_ai_content() function in versions up to, and including, 2.13.7. This makes it possible for authenticated attackers, with contributor-level a...

Published: Jul 05, 2024
Patched Release: 2.13.8
Affected Versions: Versions up to 2.13.7
Next Step: Update to 2.13.8 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-4366
Spectra – WordPress Gutenberg Blocks <= 2.13.0 - Authenticated (Author+) Stored Cross-Site Scripting

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘block_id’ parameter in versions up to, and including, 2.13.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated at...

Published: May 23, 2024
Patched Release: 2.13.1
Affected Versions: Versions up to 2.13.0
Next Step: Update to 2.13.1 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-1814
Spectra – WordPress Gutenberg Blocks <= 2.12.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial Block

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Testimonial block in all versions up to, and including, 2.12.8 due to insufficient input sanitization and output escaping on user supplied attributes. This...

Published: May 22, 2024
Patched Release: 2.12.9
Affected Versions: Versions up to 2.12.8
Next Step: Update to 2.12.9 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-1815
Spectra – WordPress Gutenberg Blocks <= 2.12.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Gallery Block

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Gallery block in all versions up to, and including, 2.12.8 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...

Published: May 22, 2024
Patched Release: 2.12.9
Affected Versions: Versions up to 2.12.8
Next Step: Update to 2.12.9 or newer if supported.