Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeYatri Gutenify gutenify allows Stored XSS. This issue affects Gutenify: from n/a through <= 1.5.7.
Published: 2025-04-04
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The issue is an improper neutralization of input during web page generation in the CodeYatri Gutenify plugin, which allows stored cross‑site scripting. An attacker can insert malicious scripts into data that the plugin stores; when that stored data is later displayed, the script runs in the browsers of site visitors.

Affected Systems

All versions of the Gutenify plugin up to and including 1.5.7 are affected. WordPress installations that have not upgraded beyond 1.5.7 are susceptible to exploitation.

Risk and Exploitability

The CVSS score of 6.5 indicates a moderate impact, and the EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector involves submitting unsanitized input through Gutenify’s interface so that the malicious script is stored and then rendered to any user who views the affected content. This inference is made from the described stored XSS nature of the flaw and the requirement that the data be rendered in a browser.

Generated by OpenCVE AI on May 1, 2026 at 11:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Gutenify to the latest version (≥ 1.5.8) to eliminate the stored XSS flaw.
  • If an upgrade is not possible, replace or disable the plugin to remove the source of unsanitized input.
  • Scan the site’s database for injected scripts and cleanse any affected content, then verify that no malicious code remains.
  • For additional protection, consider implementing a web application firewall rule that blocks common XSS payloads.

Advisories
Source: EUVD
ID: EUVD-2025-9843
Title: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeYatri Gutenify allows Stored XSS. This issue affects Gutenify: from n/a through 1.4.9.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Removed: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeYatri Gutenify allows Stored XSS. This issue affects Gutenify: from n/a through 1.4.9.
  Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeYatri Gutenify gutenify allows Stored XSS. This issue affects Gutenify: from n/a through <= 1.5.7.
Title
  Removed: WordPress Gutenify plugin <= 1.4.9 - Cross Site Scripting (XSS) vulnerability
  Added: WordPress Gutenify plugin <= 1.5.7 - Cross Site Scripting (XSS) vulnerability
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}


Fri, 04 Apr 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 04 Apr 2025 16:15:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeYatri Gutenify allows Stored XSS. This issue affects Gutenify: from n/a through 1.4.9.
Title WordPress Gutenify plugin <= 1.4.9 - Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}


Subscriptions

Wordpress Wordpress
MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:17.953Z

Reserved: 2025-04-04T10:01:05.033Z

Link: CVE-2025-32168

Vulnrichment

Updated: 2025-04-04T19:54:21.253Z

NVD

Status: Deferred

Published: 2025-04-04T16:15:25.527

Modified: 2026-04-23T15:28:41.157

Link: CVE-2025-32168

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T11:15:15Z

Weaknesses