Title: WordPress Gutenberg Plugin Script
Last modified: May 15, 2023

---

# WordPress Gutenberg Plugin Script

 *  [Reiner Schwope](https://wordpress.org/support/users/reiner-schwope/)
 * (@reiner-schwope)
 * [3 years ago](https://wordpress.org/support/topic/wordpress-gutenberg-plugin-script/)
 * I get this information from Patchstack (my provider, use this to help the site
   owners):
 * —>**WordPress Gutenberg Plugin <= 15.7.1 is vulnerable to Cross Site Scripting
   (XSS)**.
 * GenialHacker (Jitendra Patro) discovered and reported this Cross Site Scripting
   (XSS) vulnerability in WordPress Gutenberg Plugin. This could allow a malicious
   actor to inject malicious scripts, such as redirects, advertisements, and other
   HTML payloads into your website which will be executed when guests visit your
   site. This vulnerability has not been known to be fixed yet.<—
 * My site is working fine, only the information shows me that something with the
   plugin is not fine.
 * Greetings to the community
 * Reiner

Viewing 5 replies - 1 through 5 (of 5 total)

 *  [thelmachido a11n](https://wordpress.org/support/users/thelmachido/)
 * (@thelmachido)
 * [3 years ago](https://wordpress.org/support/topic/wordpress-gutenberg-plugin-script/#post-16733382)
 * > **WordPress Gutenberg Plugin <= 15.7.1 is vulnerable to Cross Site Scripting
   > (XSS)**.
   > GenialHacker (Jitendra Patro) discovered and reported this Cross Site Scripting
   > (XSS) vulnerability in WordPress Gutenberg Plugin.
 * Hi [@reiner-schwope](https://wordpress.org/support/users/reiner-schwope/), is
   this vulnerability only on version 15.7.1, or are the previous versions affected
   as well?
   Additionally, to better investigate, can they advise what exactly is
   causing the plugin to be vulnerable to attacks?
 *  Thread Starter [Reiner Schwope](https://wordpress.org/support/users/reiner-schwope/)
 * (@reiner-schwope)
 * [3 years ago](https://wordpress.org/support/topic/wordpress-gutenberg-plugin-script/#post-16734571)
 * [@thelmachido](https://wordpress.org/support/users/thelmachido/) It was also 
   in the versions before. I was waiting for the next update and then I get the 
   information again.
 *  [thelmachido a11n](https://wordpress.org/support/users/thelmachido/)
 * (@thelmachido)
 * [3 years ago](https://wordpress.org/support/topic/wordpress-gutenberg-plugin-script/#post-16738294)
 * Hi [@reiner-schwope](https://wordpress.org/support/users/reiner-schwope/) I see,
   are you able to provide more information about where the vulnerability might 
   be?
 *  Thread Starter [Reiner Schwope](https://wordpress.org/support/users/reiner-schwope/)
 * (@reiner-schwope)
 * [3 years ago](https://wordpress.org/support/topic/wordpress-gutenberg-plugin-script/#post-16738490)
 * Hello dear [@thelmachido](https://wordpress.org/support/users/thelmachido/). 
   I want to provide more, but I do not know how… I try to find more information.
   I have only a link to show more: [https://patchstack.com/database/vulnerability/gutenberg/wordpress-gutenberg-plugin-13-7-3-authenticated-stored-cross-site-scripting-xss-vulnerability](https://patchstack.com/database/vulnerability/gutenberg/wordpress-gutenberg-plugin-13-7-3-authenticated-stored-cross-site-scripting-xss-vulnerability).
   Many thanks and regards Reiner
 *  [Justin Tadlock](https://wordpress.org/support/users/greenshady/)
 * (@greenshady)
 * [3 years ago](https://wordpress.org/support/topic/wordpress-gutenberg-plugin-script/#post-16741894)
 * Any legit security issues with WordPress should be posted on the WP HackerOne
   site: [https://hackerone.com/wordpress?type=team](https://hackerone.com/wordpress?type=team)
 * Reference: [https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/#where-do-i-report-security-issues](https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/#where-do-i-report-security-issues)


The topic ‘WordPress Gutenberg Plugin Script’ is closed to new replies.


 * 9 replies
 * 3 participants
 * Last reply from: [Justin Tadlock](https://wordpress.org/support/users/greenshady/)
 * Last activity: [3 years ago](https://wordpress.org/support/topic/wordpress-gutenberg-plugin-script/#post-16741894)
 * Status: not resolved