Perceptive Security
SOC/SIEM Consultancy
The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbee_file_a…
Published:
27 May 2026 at 22:00:00
Alert date:
28 May 2026 at 14:02:15
Source:
nvd.nist.gov
Web Technologies
The GutenBee Gutenberg Blocks plugin for WordPress versions up to 2.20.1 contains an arbitrary file upload vulnerability. The flaw exists in the gutenbee_file_and_ext_json function due to improper validation using strpos() that only checks if '.json' exists in the filename rather than verifying it ends with .json extension. This allows attackers to upload files with double extensions like shell.json.php to bypass validation. Authenticated attackers with author-level access or higher can exploit this to upload executable files, potentially leading to remote code execution.
Technical details
Mitigation steps:
Affected products:
GutenBee Gutenberg Blocks WordPress Plugin
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-9227
https://github.com/cssigniter/gutenbee/commit/bde934cdecf67a4de1d6548cc1fc6c59bc6690e5
https://plugins.trac.wordpress.org/browser/gutenbee/tags/2.20.0/gutenbee.php#L570
https://plugins.trac.wordpress.org/browser/gutenbee/tags/2.20.0/gutenbee.php#L571
https://plugins.trac.wordpress.org/browser/gutenbee/tags/2.20.0/gutenbee.php#L579
https://plugins.trac.wordpress.org/browser/gutenbee/tags/2.20.1/gutenbee.php#L570
https://plugins.trac.wordpress.org/browser/gutenbee/tags/2.20.1/gutenbee.php#L571
https://plugins.trac.wordpress.org/browser/gutenbee/tags/2.20.1/gutenbee.php#L579
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3543574%40gutenbee&new=3543574%40gutenbee&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/2d20e8c9-975d-4e8c-8bea-50935853c7d4?source=cve
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.