CVE-2026-2608

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.32. This makes it possible for authenticated attackers, with Contributor-level access...

CVE-2026-2608

CVE-2026-2608 : Kadence Blocks — Page Builder Toolkit for Gutenberg Editor vulnerability in WordPress. Up to version 3.5.32, missing capability check allows authenticated users with Contributor-level access and above to perform an unauthorized action. Patch status in Wordfence context shows mitig...

CVE-2026-2608 Gutenberg Blocks by Kadence Blocks <= 3.5.32 - Missing Authorization

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.32. This makes it possible for authenticated attackers, with Contributor-level access...

CVE-2026-2608

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.32. This makes it possible for authenticated attackers, with Contributor-level access...

PT-2026-8403

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.32. This makes it possible for authenticated attackers, with Contributor-level access...

WordPress Gutenberg Blocks with AI by Kadence WP plugin <= 3.5.32 - Incorrect Authorization to Authenticated (Contributor+) Post Publication vulnerability

Incorrect Authorization to Authenticated Contributor+ Post Publication vulnerability discovered by johska in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.5.32...

WordPress Cost Calculator Builder plugin <= 3.5.32 - Authenticated (Subscriber+) Missing Authorization via get_cc_orders/update_order_status Functions vulnerability

Authenticated Subscriber+ Missing Authorization via getccorders/updateorderstatus Functions vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Cost Calculator Builder versions = 3.5.32...

CVE-2025-62049

Missing Authorization vulnerability in Stylemix Cost Calculator Builder cost-calculator-builder.This issue affects Cost Calculator Builder: from n/a through = 3.5.32...

EUVD-2025-38075

Missing Authorization vulnerability in Stylemix Cost Calculator Builder cost-calculator-builder.This issue affects Cost Calculator Builder: from n/a through = 3.5.32...

CVE-2025-62049

Missing Authorization vulnerability in Stylemix Cost Calculator Builder cost-calculator-builder.This issue affects Cost Calculator Builder: from n/a through = 3.5.32...

CVE-2025-62049

CVE-2025-62049 is a Missing Authorization (Broken Access Control) vulnerability in WordPress Cost Calculator Builder plugin versions up to and including 3.5.32. Exploitation would allow unauthorized access to the Cost Calculator Builder functionality. The issue is reflected across multiple source...

CVE-2025-62049 WordPress Cost Calculator Builder plugin <= 3.5.32 - Broken Access Control vulnerability

Missing Authorization vulnerability in Stylemix Cost Calculator Builder cost-calculator-builder.This issue affects Cost Calculator Builder: from n/a through = 3.5.32...

PT-2025-45313

Missing Authorization vulnerability in Stylemix Cost Calculator Builder cost-calculator-builder.This issue affects Cost Calculator Builder: from n/a through = 3.5.32...

WordPress Cost Calculator Builder plugin <= 3.5.32 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by ? in WordPress Plugin Cost Calculator Builder versions = 3.5.32...

PT-2025-40620

Name of the Vulnerable Software and Affected Versions WordPress Cost Calculator Builder plugin versions through 3.5.32 Description The Cost Calculator Builder plugin for WordPress has a flaw that allows unauthorized data modification. A missing capability check in the get cc orders and update ord...

SQL injection in the newsletter module

Date : 2018-01-18 CVE ID : CVE-2018-5478 Description The vulnerability is in the "unsubscribe" module of the newsletter extension. It can easily be exploited by anyone without logging in in the front end. Affected versions Contao 3. up to 3.5.31 Suggested solution Update to Contao 3.5.32...