WP Clinic
Log in Sign up

PLUGIN SECURITY

Is Spectra safe?

Known vulnerabilities, PHP compatibility and safer alternatives for the Spectra WordPress plugin — checked against WP Clinic's local security database.

Plugin details

  • Slug: ultimate-addons-for-gutenberg
  • Requires PHP: 7.4+
  • Max supported PHP (analyzed): 8.4

Known vulnerabilities

  • Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 1.14.8
  • Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 1.25.6
  • Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 1.25.6
  • Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 1.14.8
  • Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 1.25.6
+ 30 more known vulnerabilities
  • Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 1.14.8
  • Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.3.3
  • Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.3.2
  • CVE-2023-23729 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.3.2 (Missing Authorization) · Medium
  • CVE-2023-23738 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.3.2 (CWE-74) · Medium
  • CVE-2023-23735 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.3.2 (CWE-80) · Medium
  • CVE-2023-23730 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.3.2 (CWE-307) · Medium
  • CVE-2023-23825 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.3.2 (Missing Authorization) · Low
  • CVE-2023-23834 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.3.1 (Missing Authorization) · Medium
  • CVE-2020-36656 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 1.15.0 (XSS) · Medium
  • CVE-2020-36702 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 1.14.8 (Missing Authorization) · Medium
  • CVE-2023-36676 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.6.7 (Missing Authorization) · Medium
  • CVE-2023-36679 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.6.7 (SSRF) · High
  • Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.6.7
  • CVE-2023-49833 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.7.10 (XSS) · Medium
  • CVE-2023-6486 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.10.4 (XSS) · Medium
  • CVE-2024-3107 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.12.7 (Path Traversal) · Medium
  • CVE-2024-1815 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.12.9 (XSS) · Medium
  • CVE-2024-1814 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.12.9 (XSS) · Medium
  • CVE-2024-4366 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.13.1 (XSS) · Medium
  • CVE-2024-37517 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.13.8 (Missing Authorization) · High
  • CVE-2024-7590 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.15.1 (XSS) · Medium
  • CVE-2024-10484 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.16.3 (XSS) · Medium
  • CVE-2025-1784 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.19.1 (XSS) · Medium
  • CVE-2025-11162 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.19.15 (XSS) · Medium
  • CVE-2026-24982 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.19.18 (Missing Authorization) · Medium
  • CVE-2026-0950 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.19.18
  • CVE-2026-42648 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.19.23 · Medium
  • CVE-2026-7465 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.19.26 (Privilege Escalation) · High
  • Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.19.26

Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.

Safer / more established alternatives

Check your own WordPress site

Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.