Medium 6.5
2025-10-31< 21.9.0
CVE-2025-64354
Gutenberg
Minimum safe version
21.9.0
Update to 21.9.0 or later to address 9 fixable vulnerabilities
Latest available23.1.1 ✓Affected up to18.0.0 ⚠⚠ 1 vulnerability has no fix
Medium 6.5
2024-07-21< 18.6.1
CVE-2024-37492
N/A
≥ 12.9.0 and ≤ 18.0.0
WordPress Gutenberg Plugin 12.9.0-18.0.0 is vulnerable to Cross Site Scripting (XSS)
N/A
2024-04-09≥ 12.9.0 and ≤ 18.0.0
Gutenberg 12.9.0 - 18.0.0 - Unauthenticated & Authenticated (Contributor+) Stored Cross-Site Scripting via Avatar Block
N/A
< 16.8.1
Gutenberg < 16.8.1 - Contributor+ Stored XSS
Medium 6.5
2023-10-13< 16.8.1
CVE-2023-38000
N/A
< 14.3.1
Gutenberg < 14.3.1 - Multiple Stored XSS
N/A
2022-03-11< 12.7.2
WordPress Core < 5.9.2 & Gutenberg < 12.7.2 - Prototype Pollution via Block Editor
N/A
2022-10-18< 14.3.1
WordPress Core < 6.0.3 & Gutenberg < 14.3.1 - Authenticated Cross-Site Scripting in Various Blocks
N/A
2022-10-18< 14.3.1
WordPress Gutenberg plugin <= 14.3.0 - Multiple Stored Cross-Site Scripting (XSS) vulnerabilities
Low 3.0 Unfixed
2022-08-04≤ 17.3.0
WordPress Gutenberg plugin <= 13.7.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
N/A
2022-03-11< 12.7.2
WordPress Gutenberg plugin <= 12.7.1 - Stored Cross-Site Scripting (XSS) vulnerability