Filtered by vendor Cssigniterteam
Subscriptions
Filtered by product Gutenbee – Gutenberg Blocks
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-9227 | 2 Cssigniterteam, Wordpress | 2 Gutenbee – Gutenberg Blocks, Wordpress | 2026-05-29 | 8.8 High |
| The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbee_file_and_ext_json function. This is due to a flawed strpos() substring check that only verifies whether the filename contains the string '.json' rather than confirming the filename ends with a .json extension, allowing double-extension filenames like shell.json.php to bypass validation. This makes it possible for authenticated attackers, with author-level access and above, to upload files that may be executable, which makes remote code execution possible. | ||||
Page 1 of 1.