CVE-2025-11361

MEDIUM

Gutenberg Essential Blocks <= 5.7.1 - Authenticated SSRF via eb_save_ai_generated_image

Title source: llm

Description

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.7.1 via the eb_save_ai_generated_image function. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

References (3)

Core 3

Core References

https://research.cleantalk.org/cve-2025-11361/

Product

https://plugins.trac.wordpress.org/browser/essential-blocks/tags/5.7.0/includes/Admin/Admin.php#L865

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/d4b06b93-6b15-4b1f-bdd9-080618591bdc?source=cve

Scores

CVSS v3 6.4

EPSS 0.0027

EPSS Percentile 19.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-918

Status published

Products (1)

wpdevteam/Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns < 5.7.1

Published Oct 18, 2025

Tracked Since Feb 18, 2026