CVE-2026-7465

HIGH EXPLOITED LAB

Spectra Gutenberg Blocks <= 2.19.25 - Authenticated (Contributor+) Remote Code Execution via Arbitrary PHP Function Call via Block Attributes

Title source: cna
STIX 2.1

Exploitation Summary

CVE-2026-7465 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including endangcamon, rootdirective-sec.

AI-analyzed exploit summary This repository contains a functional exploit PoC for CVE-2026-7465, targeting Spectra Gutenberg Blocks <= 2.19.25. The exploit leverages a vulnerability in the `render_block()` method to achieve authenticated RCE by registering a fake block with a malicious `render_callback` attribute.

Description

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.19.25. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server. Exploitation requires a two-block payload embedded in post content: the first block registers a fake uagb/-prefixed block type with an attacker-specified render_callback, and the second block of the same fake type triggers invocation of that callback via call_user_func() during sequential block rendering in the same page request.

Exploits (2)

github WORKING POC 1 stars
by endangcamon · pythonpoc
https://github.com/endangcamon/CVE-2026-7465-POC

This repository contains a functional exploit PoC for CVE-2026-7465, targeting Spectra Gutenberg Blocks <= 2.19.25. The exploit leverages a vulnerability in the `render_block()` method to achieve authenticated RCE by registering a fake block with a malicious `render_callback` attribute.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Spectra Gutenberg Blocks (WordPress plugin) <= 2.19.25
Auth required
Prerequisites: WordPress URL · Contributor credentials
devstral-2 · analyzed May 30, 2026 Full analysis →
github WORKING POC
by rootdirective-sec · pythonpoc
https://github.com/rootdirective-sec/CVE-2026-7465-Lab

This repository contains a functional proof-of-concept exploit for CVE-2026-7465, targeting a vulnerability in the Spectra plugin for WordPress. The PoC demonstrates the vulnerability by creating a draft post with a crafted block that triggers the vulnerable behavior, confirming exploitation via a marker in the rendered content.

Classification
Working Poc 95%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: WordPress Spectra plugin (Ultimate Addons for Gutenberg)
Auth required
Prerequisites: WordPress instance with Spectra plugin installed · Contributor-level credentials
devstral-2 · analyzed Jun 08, 2026 Full analysis →

References (6)

Core 6

Scores

CVSS v3 8.8
EPSS 0.0008
EPSS Percentile 23.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Lab Environment

COMMUNITY
Community Lab
docker pull wordpress:cli-php8.2
docker pull wordpress:php8.2-apache

Details

VulnCheck KEV 2026-06-02
CWE
CWE-269
Status published
Products (1)
brainstormforce/Spectra Gutenberg Blocks – Website Builder for the Block Editor < 2.19.25
Published May 30, 2026
Tracked Since May 30, 2026