PatchSiren

jegstudio CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM jegstudio CVE published 2026-06-27

CVE-2026-12399

The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whene [truncated]

MEDIUM Jegstudio CVE published 2026-06-17

CVE-2024-33685

CVE-2024-33685 is a MEDIUM-severity vulnerability in the Startupzy theme for WordPress. The issue, which has a CVSS score of 4.3, allows attackers to exploit incorrectly configured access control security levels due to missing authorization. This vulnerability affects Startupzy versions from n/a through 1.1.1. Successful exploitation could lead to unauthorized actions, potentially compromising site integr [truncated]

MEDIUM jegstudio CVE published 2026-05-27

CVE-2026-3001

A reflected cross-site scripting (XSS) vulnerability in the Gutenverse WordPress plugin allows unauthenticated attackers to inject arbitrary web scripts via a crafted URL. The vulnerability exists in the `render_content()` method within `class-search-result-title.php`, which outputs the search query parameter directly into HTML without proper escaping. Successful exploitation requires the `gutenverse/sear [truncated]