Spectra Gutenberg Blocks – Website Builder for the Block Editor

Vulnerabilities 33Slug ultimate-addons-for-gutenbergLatest version 2.19.26WordPress.org →

Minimum safe version

2.19.23

Update to 2.19.23 or later to address 33 fixable vulnerabilities

Latest available2.19.26
Medium 4.3
2026-04-29< 2.19.23

CVE-2026-42648

CVEWordfence
N/A
2026-02-02< 2.19.18

Spectra Gutenberg Blocks <= 2.19.17 - Unauthenticated Information Disclosure in Sensitive Data

WordfenceCVE
Medium 5.3
2026-02-03< 2.19.18

CVE-2026-24982

CVEWordfence
Medium 6.4
2025-11-05< 2.19.15

CVE-2025-11162

CVEWordfence
Medium 6.4
2025-03-26< 2.19.1

Spectra – WordPress Gutenberg Blocks <= 2.19.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

EUVDWordfenceCVE
N/A
2023-07-14< 2.6.7

Spectra <= 2.6.6 - Authenticated (Contributor+) Server-Side Request Forgery in template_importer

Wordfence
N/A
2023-01-25< 2.3.2

Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Missing Authorization Checks

Wordfence
N/A
2023-01-25< 2.3.3

Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Cross-Site Request Forgery to Plugin Activation

Wordfence
N/A
< 1.14.8

Spectra &ndash; WordPress Gutenberg Blocks &lt;= 1.14.7 - Authenticated Settings Change

Wordfence
N/A
2022-05-31< 1.25.6

Spectra – WordPress Gutenberg Blocks <= 1.25.5 - Reflected Cross-Site Scripting

Wordfence
N/A
< 1.14.8

Gutenberg Blocks - Ultimate Addons for Gutenberg &lt; 1.14.8 - Authenticated Settings Change

WPScan
N/A
< 1.25.6

Spectra &lt; 1.25.6 - Reflected Cross-Site Scripting

WPScan
N/A
2022-06-13< 1.25.6

WordPress Spectra plugin <= 1.25.5 - Reflected Cross-Site Scripting (XSS) vulnerability

Patchstack
N/A
2020-04-08< 1.14.8

WordPress Gutenberg Blocks plugin <= 1.14.7 - Authenticated Settings Change vulnerability

Patchstack