Testa din hemsida →
Gutenberg Block Editor Toolkit – EditorsKit ikon

Gutenberg Block Editor Toolkit – EditorsKit

4.6/5
30 000+ installationer

EditorsKit provides a set of page building tools to supercharge the WordPress Gutenberg block editor.

41
Kända sårbarheter
0
Kritiska / höga
2025-08-08
Senaste sårbarhet
30 000+
Aktiva installationer

Om Gutenberg Block Editor Toolkit – EditorsKit

EditorsKit är ett populärt WordPress-tillägg som utökar Gutenberg-editorn med avancerade verktyg för sidbyggning. Med över 30 000 aktiva installationer hjälper det användare att skapa mer dynamiskt innehåll genom förbättrade block och funktioner.

Säkerhetssituationen

Tillägget har 41 registrerade sårbarheter, samtliga klassificerade som "medium" allvarlighetsgrad. Detta innebär att sårbarheterna inte utgör kritiska hot som ger omedelbar full kontroll över webbplatsen, men de kan potentiellt utnyttjas för mindre allvarliga angrepp som dataläckage eller behörighetseskalering.

Det som är särskilt oroande är den senaste sårbarheten från augusti 2025, vilket tyder på kontinuerliga säkerhetsproblem. För ett tillägg med denna användarskala är 41 sårbarheter en hög siffra som kräver uppmärksamhet.

Våra rekommendationer

  • Kontrollera version: Säkerställ att du kör den absolut senaste versionen av tillägget
  • Övervaka uppdateringar: Installera säkerhetsuppdateringar omedelbart när de släpps
  • Överväg alternativ: Utvärdera om tilläggets funktionalitet är värd den ökade säkerhetsrisken
  • Backup-rutiner: Förstärk dina säkerhetskopieringsrutiner om du fortsätter använda tillägget

Regelbundna uppdateringar är det viktigaste skyddet mot kända sårbarheter. Kontakta gärna Sitesupport för hjälp med säker WordPress-drift och tilläggshantering.

Använder du Gutenberg Block Editor Toolkit – EditorsKit?

Kör ett gratis test och se om din hemsida är påverkad av dessa sårbarheter.

Testa din hemsida

Alla kända sårbarheter

Medel CVE-2025-6572

CVE-2025-6572: The OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.2.0 does not validate and escape some of its block options before outputting them bac...

Påverkade versioner: all

The OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.2.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which coul...

Medel CVE-2025-5194

CVE-2025-5194: The WP Map Block WordPress plugin before 2.0.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users w...

Påverkade versioner: < 2.0.3

The WP Map Block WordPress plugin before 2.0.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored...

Medel CVE-2025-1627

CVE-2025-1627: The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with th...

Påverkade versioner: < 1.4

The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-...

Medel CVE-2025-1626

CVE-2025-1626: The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Countdown block options before outputting them back in a page/post where the block is embed, which could allow use...

Påverkade versioner: < 1.4

The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Countdown block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Sto...

Medel CVE-2025-1625

CVE-2025-1625: The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Counter block options before outputting them back in a page/post where the block is embed, which could allow users...

Påverkade versioner: < 1.4

The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Counter block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Store...

Medel CVE-2024-9645

CVE-2024-9645: The Post Grid, Posts Slider, Posts Carousel, Post Filter, Post Masonry WordPress plugin before 2.2.93 does not validate and escape some of its block options before outputting them back in a page/po...

Påverkade versioner: < 2.2.93

The Post Grid, Posts Slider, Posts Carousel, Post Filter, Post Masonry WordPress plugin before 2.2.93 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users...

Medel CVE-2024-10631

CVE-2024-10631: The Countdown Timer for WordPress Block Editor WordPress plugin through 1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is em...

Påverkade versioner: <= 1.0.5

The Countdown Timer for WordPress Block Editor WordPress plugin through 1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor rol...

Medel CVE-2024-12768

CVE-2024-12768: The Responsive iframe WordPress plugin through 1.2.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow us...

Påverkade versioner: <= 1.2.0

The Responsive iframe WordPress plugin through 1.2.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform St...

Medel CVE-2024-11636

CVE-2024-11636: The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Text Block options, which could allow high privilege users such as admin to perform...

Påverkade versioner: < 5.7.45

The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Text Block options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the un...

Medel CVE-2024-10678

CVE-2024-10678: The Ultimate Blocks WordPress plugin before 3.2.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow user...

Påverkade versioner: < 3.2.4

The Ultimate Blocks WordPress plugin before 3.2.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stor...

Medel CVE-2024-10637

CVE-2024-10637: The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.54 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed...

Påverkade versioner: < 3.2.54

The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.54 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role a...

Medel CVE-2024-10980

CVE-2024-10980: The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its Cookie Consent ...

Påverkade versioner: < 5.10.3

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its Cookie Consent block options before outputting them back in a page/p...

Medel CVE-2024-10493

CVE-2024-10493: The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its block options bef...

Påverkade versioner: < 5.10.3

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its block options before outputting them back in a page/post where the blo...

Medel CVE-2024-5417

CVE-2024-5417: The Gutentor WordPress plugin before 3.3.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with ...

Påverkade versioner: < 3.3.6

The Gutentor WordPress plugin before 3.3.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cros...

Medel CVE-2024-6884

CVE-2024-6884: The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.39 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed...

Påverkade versioner: < 3.2.39

The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.39 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role a...

Medel CVE-2024-5595

CVE-2024-5595: The Essential Blocks WordPress plugin before 4.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow use...

Påverkade versioner: < 4.7.0

The Essential Blocks WordPress plugin before 4.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Sto...

Medel CVE-2024-4655

CVE-2024-4655: The Ultimate Blocks WordPress plugin before 3.1.9 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow user...

Påverkade versioner: < 3.1.9

The Ultimate Blocks WordPress plugin before 3.1.9 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stor...

Medel CVE-2024-4305

CVE-2024-4305: The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the b...

Påverkade versioner: < 4.1.0

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contr...

Medel CVE-2024-3241

CVE-2024-3241: The Ultimate Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow user...

Påverkade versioner: < 3.1.7

The Ultimate Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stor...

Medel CVE-2024-3239

CVE-2024-3239: The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in a page/post where the b...

Påverkade versioner: < 4.0.2

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contr...

Medel CVE-2023-0376

CVE-2023-0376: The Qubely WordPress plugin before 1.8.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the...

Påverkade versioner: < 1.8.5

The Qubely WordPress plugin before 1.8.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-S...

Medel CVE-2023-0233

CVE-2023-0233: The ActiveCampaign WordPress plugin before 8.1.12 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users...

Påverkade versioner: < 8.1.12

The ActiveCampaign WordPress plugin before 8.1.12 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Store...

Medel CVE-2023-0280

CVE-2023-0280: The Ultimate Carousel For Elementor WordPress plugin through 2.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which ...

Påverkade versioner: <= 2.1.7

The Ultimate Carousel For Elementor WordPress plugin through 2.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above...

Medel CVE-2023-0374

CVE-2023-0374: The W4 Post List WordPress plugin before 2.4.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users wi...

Påverkade versioner: < 2.4.6

The W4 Post List WordPress plugin before 2.4.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored C...

Medel CVE-2023-0395

CVE-2023-0395: The menu shortcode WordPress plugin through 1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users w...

Påverkade versioner: <= 1.0

The menu shortcode WordPress plugin through 1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored...

Medel CVE-2023-0377

CVE-2023-0377: The Scriptless Social Sharing WordPress plugin before 3.2.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could a...

Påverkade versioner: < 3.2.2

The Scriptless Social Sharing WordPress plugin before 3.2.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to per...

Medel CVE-2023-0230

CVE-2023-0230: The VK All in One Expansion Unit WordPress plugin before 9.86.0.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which c...

Påverkade versioner: < 9.86.0.0

The VK All in One Expansion Unit WordPress plugin before 9.86.0.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above...

Medel CVE-2023-0231

CVE-2023-0231: The ShopLentor WordPress plugin before 2.5.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with...

Påverkade versioner: < 2.5.4

The ShopLentor WordPress plugin before 2.5.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cro...

Medel CVE-2023-0375

CVE-2023-0375: The Easy Affiliate Links WordPress plugin before 3.7.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could all...

Påverkade versioner: < 3.7.1

The Easy Affiliate Links WordPress plugin before 3.7.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perfo...

Medel CVE-2023-0378

CVE-2023-0378: The Greenshift WordPress plugin before 5.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with t...

Påverkade versioner: < 5.0

The Greenshift WordPress plugin before 5.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross...

Medel CVE-2023-0380

CVE-2023-0380: The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could al...

Påverkade versioner: < 3.1.0.5

The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perf...

Medel CVE-2023-0379

CVE-2023-0379: The Spotlight Social Feeds WordPress plugin before 1.4.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allo...

Påverkade versioner: < 1.4.3

The Spotlight Social Feeds WordPress plugin before 1.4.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perfor...

Medel CVE-2023-0373

CVE-2023-0373: The Lightweight Accordion WordPress plugin before 1.5.15 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allo...

Påverkade versioner: < 1.5.15

The Lightweight Accordion WordPress plugin before 1.5.15 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perfor...

Medel CVE-2023-0360

CVE-2023-0360: The Location Weather WordPress plugin before 1.3.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow user...

Påverkade versioner: < 1.3.4

The Location Weather WordPress plugin before 1.3.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stor...

Medel CVE-2023-0252

CVE-2023-0252: The Contextual Related Posts WordPress plugin before 3.3.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could al...

Påverkade versioner: < 3.3.1

The Contextual Related Posts WordPress plugin before 3.3.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perf...

Medel CVE-2023-0096

CVE-2023-0096: The Happyforms WordPress plugin before 1.22.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users wit...

Påverkade versioner: < 1.22.0

The Happyforms WordPress plugin before 1.22.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cr...

Medel CVE-2023-0095

CVE-2023-0095: The Page View Count WordPress plugin before 2.6.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users...

Påverkade versioner: < 2.6.1

The Page View Count WordPress plugin before 2.6.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Store...

Medel CVE-2023-0082

CVE-2023-0082: The ExactMetrics WordPress plugin before 7.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users w...

Påverkade versioner: < 7.12.1

The ExactMetrics WordPress plugin before 7.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored...

Medel CVE-2023-0081

CVE-2023-0081: The MonsterInsights WordPress plugin before 8.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow user...

Påverkade versioner: < 8.12.1

The MonsterInsights WordPress plugin before 8.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stor...

Medel CVE-2023-0097

CVE-2023-0097: The Post Grid, Post Carousel, & List Category Posts WordPress plugin before 2.4.19 does not validate and escape some of its block options before outputting them back in a page/post where the block ...

Påverkade versioner: < 2.4.19

The Post Grid, Post Carousel, & List Category Posts WordPress plugin before 2.4.19 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributo...

Medel CVE-2022-4667

CVE-2022-4667: The RSS Aggregator by Feedzy WordPress plugin before 4.1.1 does not validate and escape some of its block options before outputting them back in the page, which could allow users with a role as low...

Påverkade versioner: < 4.1.1

The RSS Aggregator by Feedzy WordPress plugin before 4.1.1 does not validate and escape some of its block options before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scriptin...

Så skyddar du din sajt

Sårbarheter i tillägg är den vanligaste attackytan för WordPress-sajter. Det bästa skyddet är att vara proaktiv — här är tre konkreta steg.

Håll tillägget uppdaterat

De flesta sårbarheter i Gutenberg Block Editor Toolkit – EditorsKit åtgärdas snabbt av utvecklarna. Uppdatera alltid till senaste versionen.

Ta bort oanvända tillägg

Varje tillägg är en potentiell attackyta. Avinstallera det du inte aktivt använder.

Bevaka automatiskt

Med löpande övervakning upptäcker du problem innan de blir allvarliga.

Vill du slippa hålla koll själv? Med ett supportavtal från Sitesupport sköter vi uppdateringar och säkerhet åt dig.

Vanliga frågor om Gutenberg Block Editor Toolkit – EditorsKit

Gutenberg Block Editor Toolkit – EditorsKit har 41 kända sårbarheter. Det betyder inte nödvändigtvis att tillägget är osäkert — de flesta sårbarheter åtgärdas i nya versioner. Det viktigaste är att alltid köra den senaste versionen.
Det enklaste sättet är att köra ett gratis test av din hemsida på sitesupport.co. Testet kontrollerar vilka tillägg du använder och vilka versioner som är installerade, och jämför det mot kända sårbarheter.
Uppdatera till den senaste versionen så snart som möjligt. Om det inte finns en uppdatering som åtgärdar problemet bör du överväga att tillfälligt inaktivera tillägget, särskilt om sårbarheten har kritisk eller hög allvarlighetsgrad.
Gutenberg Block Editor Toolkit – EditorsKit har över 30 000 aktiva installationer på WordPress.org och ett betyg på 4.6 av 5. Populära tillägg har generellt bättre säkerhetsrutiner tack vare större community och fler ögon på koden.

Andra tillägg med kända sårbarheter

Royal Addons for Elementor – Addons and Templates Kit for Elementor
60 sårbarheter
Ninja Forms – The Contact Form Builder That Grows With You
58 sårbarheter
Booking Calendar
56 sårbarheter
Newsletter – Send awesome emails from WordPress
56 sårbarheter
Elementor Website Builder – More Than Just a Page Builder
55 sårbarheter
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
54 sårbarheter

Hur mår din hemsida?

Kör ett gratis test och se hur din sajt presterar inom SEO, säkerhet, prestanda och tillgänglighet — på under en minut.

Testa gratis

Inget konto krävs