Vulnerabilities ›

CVE-2026-10586

High

CWE-918 — Weakness Type

                    Published: Jun 5, 2026                      ·  Modified: Jun 10, 2026                      ·  Source: NVD                

CVSS v3

7.2

🔗 NVD Official

📄 Description (English)

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.3 via the `save_ai_generated_image()` function. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

🤖 AI Executive Summary

The Gutenberg Essential Blocks plugin for WordPress contains a Server-Side Request Forgery vulnerability in the save_ai_generated_image() function affecting versions up to 6.1.3. Authenticated attackers with Author-level access can make arbitrary web requests from the server to internal services, potentially exposing sensitive data or modifying internal systems.

📄 Description (Arabic)

ثغرة Server-Side Request Forgery في مكون Gutenberg Essential Blocks تسمح للمهاجمين المصرحين بمستوى المؤلف بإرسال طلبات ويب تعسفية من خادم الويب. يمكن استخدام هذه الثغرة للوصول إلى الخدمات الداخلية وتعديل المعلومات الحساسة. التأثير يشمل الوصول غير المصرح به إلى الموارد الداخلية والبيانات الحساسة.

🤖 ملخص تنفيذي (AI)

🤖 AI Intelligence Analysis Analyzed: Jun 9, 2026 02:19

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

government banking telecom healthcare

🎯 MITRE ATT&CK Techniques

T1190 T1498 T1570

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Update the Gutenberg Essential Blocks plugin to version 6.1.4 or later immediately. Restrict Author-level access to trusted users only. Implement network segmentation to limit internal service accessibility. Monitor outbound requests from WordPress installations. Consider disabling the AI image generation feature if not required.

🔧 خطوات المعالجة (العربية)

قم بتحديث مكون Gutenberg Essential Blocks إلى الإصدار 6.1.4 أو أحدث فوراً. قيد الوصول على مستوى المؤلف للمستخدمين الموثوقين فقط. طبق تقسيم الشبكة لتحديد إمكانية الوصول إلى الخدمات الداخلية. راقب الطلبات الصادرة من تثبيتات WordPress. فكر في تعطيل ميزة إنشاء الصور بالذكاء الاصطناعي إذا لم تكن مطلوبة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1 5.2 5.3

🔵 SAMA CSF

CC-6.1 CC-6.2 CC-7.2

🟡 ISO 27001:2022

A.14.2.1 A.14.2.5 A.13.1.3

🔗 References & Sources 2

🔗

https://plugins.trac.wordpress.org/browser/essential-blocks/tags/6.1.3/includes/Integra...

security@wordfence.com

🔗

https://www.wordfence.com/threat-intel/vulnerabilities/id/08906577-162c-4875-b16c-18d49...

security@wordfence.com

📊 CVSS Score

7.2

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeC — Changed

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityN — None / Network

📋 Quick Facts

Severity High

CVSS Score7.2

CWECWE-918

EPSS0.03%

Exploit No

Patch ✗ No

Published 2026-06-05

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-918

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-10586

Introduce Yourself

Sign In Required