PLUGIN SECURITY
Is Spectra safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the Spectra WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
ultimate-addons-for-gutenberg - Requires PHP: 7.4+
- Max supported PHP (analyzed): 8.4
Known vulnerabilities
- Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 1.14.8
- Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 1.25.6
- Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 1.25.6
- Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 1.14.8
- Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 1.25.6
+ 30 more known vulnerabilities
- Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 1.14.8
- Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.3.3
- Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.3.2
- CVE-2023-23729 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.3.2 (Missing Authorization) · Medium
- CVE-2023-23738 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.3.2 (CWE-74) · Medium
- CVE-2023-23735 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.3.2 (CWE-80) · Medium
- CVE-2023-23730 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.3.2 (CWE-307) · Medium
- CVE-2023-23825 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.3.2 (Missing Authorization) · Low
- CVE-2023-23834 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.3.1 (Missing Authorization) · Medium
- CVE-2020-36656 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 1.15.0 (XSS) · Medium
- CVE-2020-36702 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 1.14.8 (Missing Authorization) · Medium
- CVE-2023-36676 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.6.7 (Missing Authorization) · Medium
- CVE-2023-36679 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.6.7 (SSRF) · High
- Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.6.7
- CVE-2023-49833 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.7.10 (XSS) · Medium
- CVE-2023-6486 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.10.4 (XSS) · Medium
- CVE-2024-3107 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.12.7 (Path Traversal) · Medium
- CVE-2024-1815 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.12.9 (XSS) · Medium
- CVE-2024-1814 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.12.9 (XSS) · Medium
- CVE-2024-4366 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.13.1 (XSS) · Medium
- CVE-2024-37517 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.13.8 (Missing Authorization) · High
- CVE-2024-7590 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.15.1 (XSS) · Medium
- CVE-2024-10484 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.16.3 (XSS) · Medium
- CVE-2025-1784 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.19.1 (XSS) · Medium
- CVE-2025-11162 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.19.15 (XSS) · Medium
- CVE-2026-24982 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.19.18 (Missing Authorization) · Medium
- CVE-2026-0950 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.19.18
- CVE-2026-42648 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.19.23 · Medium
- CVE-2026-7465 — Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.19.26 (Privilege Escalation) · High
- Spectra Legacy – Gutenberg Blocks [ultimate-addons-for-gutenberg] < 2.19.26
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- Elementor Website Builder – more than just a page builder — 10000000+ active installs — max PHP 8.4
- Classic Editor — 9000000+ active installs — max PHP 8.4
- Classic Widgets — 2000000+ active installs — max PHP 8.4
- Advanced Editor Tools — 1000000+ active installs — max PHP 8.4
- User Role Editor — 700000+ active installs — max PHP 8.4
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.