Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem Security & Risk Analysis

wordpress.org/plugins/gutenverse

The best Gutenberg blocks editor, block addons, page builder and website builder for Full Site Editing FSE with ready to import template library.

30K active installs · v3.5.0 · PHP 7.0+ · WP + · Updated Mar 10, 2026
Tags: blocks, editor, gutenberg, gutenberg-blocks, page-builder
Score: 95 (A · Safe)
CVEs total: 7
Unpatched: 0
Last CVE: Nov 28, 2025
Safety Verdict

Is Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem Safe to Use in 2026?

Generally Safe

Score 95/100

Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem has a strong security track record. Known vulnerabilities have been patched promptly.

7 known CVEs · Last CVE: Nov 28, 2025 · Updated 24d ago
Risk Assessment

The Gutenverse plugin v3.5.0 exhibits a mixed security posture. While it demonstrates good practices in areas like SQL query sanitization and output escaping, a significant concern arises from its attack surface. Four AJAX handlers are present, with all four lacking proper authorization checks. This represents a substantial risk, as any unauthenticated user could potentially trigger these handlers, leading to unintended actions or information disclosure.

The vulnerability history of Gutenverse is a major red flag. With seven known medium-severity vulnerabilities, including Cross-site Scripting and Missing Authorization, this indicates a recurring pattern of security weaknesses. Although no vulnerabilities are currently unpatched, the historical prevalence suggests a lack of robust security development practices or thorough security auditing. The lack of critical or high-severity vulnerabilities in the static analysis is a positive sign, as is the proper use of prepared statements for SQL queries. However, the unprotected AJAX endpoints combined with the historical vulnerability data present a notable risk that requires immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • Multiple past medium severity vulnerabilities
  • Missing authorization checks on AJAX
Vulnerabilities (7)

Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2024: 3 CVEs
2025: 3 CVEs

Severity Breakdown

Medium: 7

7 total CVEs

CVE-2025-66065 · medium · 4.3 · Missing Authorization
Gutenverse <= 3.2.1 - Missing Authorization
Nov 28, 2025 · Patched in 3.3.0 (4d)

CVE-2025-7727 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Gutenverse <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text and Fun Fact Blocks
Aug 5, 2025 · Patched in 3.1.1 (1d)

CVE-2025-2893 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Gutenverse <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via countdown Block
Apr 28, 2025 · Patched in 3.0.0 (1d)

CVE-2024-43920 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Gutenverse <= 1.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Aug 26, 2024 · Patched in 2.0.0 (10d)

CVE-2024-38785 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Gutenverse <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Jul 19, 2024 · Patched in 1.9.3 (7d)

CVE-2024-3692 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Gutenverse <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Apr 12, 2024 · Patched in 1.9.1 (17d)

CVE-2023-35875 · medium · 5.3 · Missing Authorization
Gutenverse <= 1.8.5 - Missing Authorization via 'data/update' API Endpoint
Jun 19, 2023 · Patched in 1.8.6 (218d)

Code Analysis
Analyzed Mar 16, 2026

Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 6 (169 escaped)
Nonce Checks: 1
Capability Checks: 7
File Operations: 1
External Requests: 2
Bundled Libraries: 0

Output Escaping

97% escaped · 175 total outputs

Attack Surface (4 unprotected)

Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem Attack Surface

Entry Points: 5
Unprotected: 4

AJAX Handlers 4

auth · wp_ajax_gutenverse_notice_close · includes\class-banner.php:38
auth · wp_ajax_gutenverse_notice_review · includes\class-banner.php:39
auth · wp_ajax_gutenverse_upgrader_page_content_close · includes\class-upgrader.php:27
auth · wp_ajax_gutenverse_upgrader_page_upgrade_close · includes\class-upgrader.php:28

REST API Routes 1

GET · /wp-json/gutenverse/v1 · get-post-data · includes\class-api.php:136

WordPress Hooks 34

filter · gutenverse_initial_meta_option · includes\class-banner.php:42
action · init · includes\class-blocks.php:24
filter · gutenverse_block_categories · includes\class-blocks.php:25
filter · gutenverse_dashboard_config · includes\class-dashboard.php:24
filter · gutenverse_include_dashboard · includes\class-dashboard.php:25
filter · gutenverse_block_config · includes\class-editor-assets.php:22
action · gutenverse_include_block · includes\class-editor-assets.php:23
filter · gutenverse_include_frontend · includes\class-frontend-assets.php:22
filter · gutenverse_include_frontend · includes\class-frontend-assets.php:23
filter · gutenverse_conditional_script_attributes · includes\class-frontend-assets.php:24
action · plugins_loaded · includes\class-gutenverse.php:164
action · plugins_loaded · includes\class-gutenverse.php:166
filter · plugin_row_meta · includes\class-gutenverse.php:167
filter · gutenverse_dashboard_config · includes\class-gutenverse.php:398
action · rest_api_init · includes\class-gutenverse.php:426
action · gutenverse_check_update · includes\class-meta-option.php:24
action · gutenverse_initial_meta_option · includes\class-meta-option.php:25
filter · gutenverse_block_style_instance · includes\class-style-generator.php:91
action · admin_menu · includes\class-upgrade-wizard.php:32
filter · admin_title · includes\class-upgrade-wizard.php:33
action · admin_head · includes\class-upgrade-wizard.php:34
action · admin_enqueue_scripts · includes\class-upgrade-wizard.php:35
filter · show_admin_bar · includes\class-upgrade-wizard.php:91
action · wp_head · includes\class-upgrade-wizard.php:100
action · wp_head · includes\class-upgrade-wizard.php:101
action · wp_head · includes\class-upgrade-wizard.php:102
action · wp_head · includes\class-upgrade-wizard.php:103
action · wp_footer · includes\class-upgrade-wizard.php:106
action · wp_footer · includes\class-upgrade-wizard.php:107
filter · wp_enqueue_scripts · includes\class-upgrade-wizard.php:111
action · wp_enqueue_scripts · includes\class-upgrade-wizard.php:112
action · init · includes\class-upgrader.php:25
action · admin_init · includes\class-upgrader.php:26
action · gutenverse_plugin_upgrade · includes\class-upgrader.php:29

Maintenance & Trust

Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 10, 2026
PHP min version: 7.0
Downloads: 1.2M

Community Trust

Rating: 98/100
Number of ratings: 186
Active installs: 30K

Developer Profile

Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem Developer Profile

Jegstudio

6 plugins · 57K total installs

Trust score: 93
Avg Security Score: 98/100
Avg Patch Time: 27 days

Detection Fingerprints

How We Detect Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gutenverse/assets/css/gutenverse.css
/wp-content/plugins/gutenverse/assets/js/gutenverse.js
Script Paths
/wp-content/plugins/gutenverse/assets/js/gutenverse.js
Version Parameters
gutenverse/assets/css/gutenverse.css?ver=
gutenverse/assets/js/gutenverse.js?ver=

HTML / DOM Fingerprints

CSS Classes
guten-post-comment, guten-element, guten-post-comment-title, comment-title, title-text, comment-count, comment-post-title
Data Attributes
data-settings
JS Globals
gutenverse_data
FAQ

Frequently Asked Questions about Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem