HIGH
cssigniterteam
CVE published 2026-05-28
CVE-2026-9227
## Summary

CVE-2026-9227 is a high-severity (CVSS 8.8) arbitrary file upload vulnerability in the GutenBee – Gutenberg Blocks WordPress plugin affecting all versions up to and including 2.20.1. The flaw resides in the `gutenbee_file_and_ext_json` function, which uses an insufficient `strpos()` check that merely verifies the filename contains '.json' anywhere in the string rather than ensuring the file end [truncated]
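
The gap between a "contains `.json`" check and a strict end-of-name check, shown as an added example that is not the plugin's code. The function names, sample filenames and sample bodies are constructed for illustration, and the body check is an extra hardening step the advisory does not mention.

```php
<?php
// Added illustration, not GutenBee source. Function names are hypothetical.

// Weak pattern the advisory describes: true if ".json" occurs anywhere.
function name_contains_json(string $filename): bool
{
    return strpos($filename, '.json') !== false;
}

// Stricter name check: one safe base name followed by a single ".json"
// suffix, with no path separators, extra dots, or NUL bytes.
function name_is_strict_json(string $filename): bool
{
    return preg_match('/\A[A-Za-z0-9_-]{1,100}\.json\z/', $filename) === 1;
}

// Defense in depth: the body must also parse as JSON.
function body_is_json(string $contents): bool
{
    json_decode($contents);
    return json_last_error() === JSON_ERROR_NONE;
}

// Constructed sample upload names paired with constructed bodies.
$samples = [
    ['settings.json',     '{"columns": 3}'],
    ['settings.json.php', '<?php /* not JSON */'],
    ['settings.json.txt', '{"columns": 3}'],
    ['../settings.json',  '{"columns": 3}'],
    ['settings.json',     'not json at all'],
];

printf("%-20s %-9s %-7s %s\n", 'name', 'contains', 'strict', 'body');
foreach ($samples as [$name, $body]) {
    printf(
        "%-20s %-9s %-7s %s\n",
        $name,
        name_contains_json($name) ? 'accept' : 'reject',
        name_is_strict_json($name) ? 'accept' : 'reject',
        body_is_json($body) ? 'json' : 'invalid'
    );
}
```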