CVE-2026-9227 – GutenBee

CVE ID :CVE-2026-9227

Published : May 28, 2026, 8:16 a.m. | 15 minutes ago

Description :The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbee_file_and_ext_json function. This is due to a flawed strpos() substring check that only verifies whether the filename contains the string ‘.json’ rather than confirming the filename ends with a .json extension, allowing double-extension filenames like shell.json.php to bypass validation. This makes it possible for authenticated attackers, with author-level access and above, to upload files that may be executable, which makes remote code execution possible.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-9813 – FlowIntel external reference URL probe allows server-side request forgery

CVE-2026-4377 – Use of Weak Credentials in D-Link DWR-X1820 router

CVE-2026-47074 – ex_aws_sns SigningCertURL not validated in verify_message/1

CVE-2026-46241 – spi: mpc52xx: fix use-after-free on registration failure