The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbee_file_a…

Published:

27 mei 2026 om 22:00:00

Alert date:

28 mei 2026 om 14:02:15

Source:

nvd.nist.gov

Web Technologies

The GutenBee Gutenberg Blocks plugin for WordPress versions up to 2.20.1 contains an arbitrary file upload vulnerability. The flaw exists in the gutenbee_file_and_ext_json function due to improper validation using strpos() that only checks if '.json' exists in the filename rather than verifying it ends with .json extension. This allows attackers to upload files with double extensions like shell.json.php to bypass validation. Authenticated attackers with author-level access or higher can exploit this to upload executable files, potentially leading to remote code execution.

Technical details

Mitigation steps:

Affected products:

GutenBee Gutenberg Blocks WordPress Plugin

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-9227
https://github.com/cssigniter/gutenbee/commit/bde934cdecf67a4de1d6548cc1fc6c59bc6690e5
https://plugins.trac.wordpress.org/browser/gutenbee/tags/2.20.0/gutenbee.php#L570
https://plugins.trac.wordpress.org/browser/gutenbee/tags/2.20.0/gutenbee.php#L571
https://plugins.trac.wordpress.org/browser/gutenbee/tags/2.20.0/gutenbee.php#L579
https://plugins.trac.wordpress.org/browser/gutenbee/tags/2.20.1/gutenbee.php#L570
https://plugins.trac.wordpress.org/browser/gutenbee/tags/2.20.1/gutenbee.php#L571
https://plugins.trac.wordpress.org/browser/gutenbee/tags/2.20.1/gutenbee.php#L579
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3543574%40gutenbee&new=3543574%40gutenbee&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/2d20e8c9-975d-4e8c-8bea-50935853c7d4?source=cve

Related CVE's:

CVE-2026-9227

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.