GutenBee – Gutenberg Blocks Security & Risk Analysis

wordpress.org/plugins/gutenbee

GutenBee enhances the Gutenberg editor with more blocks!

7K active installs v2.20.0 PHP 7.0+ WP 6.5+ Updated Mar 23, 2026
blocksgutenberg
96
A · Safe
CVEs total2
Unpatched0
Last CVEMay 27, 2026
Safety Verdict

Is GutenBee – Gutenberg Blocks Safe to Use in 2026?

Generally Safe

Score 96/100

GutenBee – Gutenberg Blocks has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEsLast CVE: May 27, 2026Updated 3mo ago
Risk Assessment

The static analysis of Gutenbee v2.19.1 reveals a generally strong security posture, with no identified attack surface points, dangerous functions, file operations, or external HTTP requests. The plugin utilizes prepared statements for all SQL queries and exhibits a high percentage of properly escaped output. This indicates good development practices for preventing common web vulnerabilities. Taint analysis also shows no identified flows with unsanitized paths, further bolstering confidence in the code's safety.

However, the plugin's vulnerability history is a significant concern. With one known CVE, even if currently unpatched, it suggests that vulnerabilities have existed in the past. The documented vulnerability type, Cross-site Scripting, is a common and potentially severe issue. The fact that the last vulnerability was dated in the future (2025-09-29) is an anomaly that requires further investigation, but regardless, the existence of past vulnerabilities means users should always ensure they are on the latest, patched version of the plugin. While the current version appears clean based on the static analysis, the historical pattern warrants vigilance.

In conclusion, Gutenbee v2.19.1 exhibits excellent technical security in its current code with no apparent immediate flaws in the static analysis. The plugin developers have implemented good practices regarding SQL and output sanitization. The primary weakness lies in its past vulnerability history, which necessitates a cautious approach and a commitment to timely updates. The anomaly in the last vulnerability date is a red flag that should prompt a deeper look into the historical data if possible.

Key Concerns

  • Known historical CVE exists
  • Medium severity vulnerability in history
  • Missing nonce checks
  • Missing capability checks
  • Some outputs not properly escaped
Vulnerabilities
2 published

GutenBee – Gutenberg Blocks Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

High
1
Medium
1

2 total CVEs

CVE-2026-9227high · 8.8Unrestricted Upload of File with Dangerous Type

GutenBee <= 2.20.1 - Authenticated (Author+) Arbitrary File Upload via wp_check_filetype_and_ext Filter

May 27, 2026 Patched in 2.20.2 (1d)
CVE-2025-8566medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

GutenBee – Gutenberg Blocks <= 2.18.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 29, 2025 Patched in 2.18.1 (57d)
Version History

GutenBee – Gutenberg Blocks Release Timeline

Code Analysis
Analyzed Mar 16, 2026

GutenBee – Gutenberg Blocks Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
7
72 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

91% escaped79 total outputs
Attack Surface

GutenBee – Gutenberg Blocks Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 18
actionenqueue_block_assetsgutenbee.php:40
actionwp_enqueue_scriptsgutenbee.php:93
actionadmin_enqueue_scriptsgutenbee.php:141
filterblock_categoriesgutenbee.php:157
filterblock_categories_allgutenbee.php:159
filterwp_check_filetype_and_extgutenbee.php:567
filterupload_mimesgutenbee.php:576
filterplugin_action_links_gutenbee/gutenbee.phpgutenbee.php:582
filterexcerpt_allowed_blocksgutenbee.php:591
filtergutenbee_settingsinc\blocks\post-types\block.php:6
actioninitinc\blocks\post-types\block.php:67
actionpre_get_postsinc\blocks\post-types\block.php:516
filterfound_postsinc\blocks\post-types\block.php:553
actioninitinc\options.php:7
actionadmin_menuinc\options.php:9
actionadmin_initinc\options.php:10
actionadmin_headinc\options.php:11
actionadmin_headinc\options.php:12
Maintenance & Trust

GutenBee – Gutenberg Blocks Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 23, 2026
PHP min version7.0
Downloads157K

Community Trust

Rating98/100
Number of ratings18
Active installs7K
Developer Profile

GutenBee – Gutenberg Blocks Developer Profile

The CSSIgniter Team

8 plugins · 30K total installs

93
trust score
Avg Security Score
98/100
Avg Patch Time
26 days
View full developer profile
Detection Fingerprints

How We Detect GutenBee – Gutenberg Blocks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gutenbee/build/gutenbee.build.js/wp-content/plugins/gutenbee/build/gutenbee.build.css/wp-content/plugins/gutenbee/build/gutenbee.scripts.css/wp-content/plugins/gutenbee/build/gutenbee.scripts.js/wp-content/plugins/gutenbee/build/gutenbee.animations.css/wp-content/plugins/gutenbee/build/gutenbee.animations.js/wp-content/plugins/gutenbee/assets/css/admin.css/wp-content/plugins/gutenbee/assets/js/admin.js
Script Paths
/wp-content/plugins/gutenbee/build/gutenbee.build.js/wp-content/plugins/gutenbee/build/gutenbee.scripts.js/wp-content/plugins/gutenbee/build/gutenbee.animations.js/wp-content/plugins/gutenbee/assets/js/admin.js
Version Parameters
gutenbee/build/gutenbee.build.js?ver=gutenbee/build/gutenbee.build.css?ver=gutenbee/build/gutenbee.scripts.css?ver=gutenbee/build/gutenbee.scripts.js?ver=gutenbee/build/gutenbee.animations.css?ver=gutenbee/build/gutenbee.animations.js?ver=gutenbee/assets/css/admin.css?ver=gutenbee/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
gutenbee-block
Data Attributes
data-gutenbee-block
JS Globals
__GUTENBEE_SETTINGS__gutenbeeStrings
FAQ

Frequently Asked Questions about GutenBee – Gutenberg Blocks