Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeYatri Gutenify gutenify allows Stored XSS. This issue affects Gutenify: from n/a through <= 1.5.7.
Published: 2025-11-06
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an Improper Neutralization of Input During Web Page Generation that allows stored XSS. An attacker can inject malicious scripts that are persisted by the Gutenify plugin and displayed to any visitor who views the affected content, potentially leading to credential theft, defacement, or session hijacking. The impact is limited to client‑side code execution but can be severe if the user logs into privileged accounts while the malicious page is viewed.

Affected Systems

WordPress sites that have installed the Gutenify plugin by CodeYatri with any version up to and including 1.5.7 are affected. All WordPress installations that have activated the plugin and allow content submission through its interface fall under this scope.

Risk and Exploitability

The CVSS score of 7.1 indicates a high level of risk, yet the EPSS score of less than 1% suggests that exploitation is currently unlikely to be widespread. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is an attacker submitting content or configuration via the plugin’s administrative interface, which is then rendered to all site visitors. Successful exploitation requires the plugin to be active and an entry point to be exploited by an authenticated or otherwise privileged user.

Generated by OpenCVE AI on April 30, 2026 at 14:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Gutenify to the latest available version that mitigates the XSS flaw
  • If an upgrade is not immediately possible, disable or uninstall the Gutenify plugin to eliminate the risk
  • Limit content editing to trusted users and enforce input sanitization per CWE‑79 guidelines

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}
Values Added: cvssV3_1 {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Tue, 20 Jan 2026 15:30:00 +0000


Tue, 20 Jan 2026 14:45:00 +0000


Thu, 13 Nov 2025 11:30:00 +0000


Thu, 13 Nov 2025 10:45:00 +0000


Mon, 10 Nov 2025 20:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added:
  cvssV3_1 {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}
  ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 06 Nov 2025 20:30:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Wordpress; Wordpress wordpress

Type: Vendors & Products
Values Removed: (none)
Values Added: Wordpress; Wordpress wordpress

Thu, 06 Nov 2025 16:00:00 +0000

Type: Description
Values Removed: (none)
Values Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeYatri Gutenify gutenify allows Stored XSS. This issue affects Gutenify: from n/a through <= 1.5.7.

Type: Title
Values Removed: (none)
Values Added: WordPress Gutenify Plugin <= 1.5.7 - Cross Site Scripting (XSS) Vulnerability

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-79

Type: References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:23.878Z

Reserved: 2025-06-27T11:59:22.191Z

Link: CVE-2025-53324

Vulnrichment

Updated: 2025-11-10T19:27:57.066Z

NVD

Status: Deferred

Published: 2025-11-06T16:15:56.630

Modified: 2026-04-27T17:16:28.120

Link: CVE-2025-53324

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T14:45:24Z

Weaknesses