13 matches found
CVE-2026-1857
The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.6.1. This is due to insufficient validation of the endpoint parameter in the getitems function of the GetResponse REST API handler. The endpoint's...
PT-2026-20352
The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the process image data ajax callback function which handles the kadence import process image data AJAX...
EUVD-2025-200181
The Kadence WooCommerce Email Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer name in all versions up to, and including, 1.5.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-54697 WordPress Kadence WooCommerce Email Designer Plugin <= 1.5.16 - Privilege Escalation Vulnerability
Incorrect Privilege Assignment vulnerability in Ben Ritner - Kadence WP Kadence WooCommerce Email Designer allows Privilege Escalation. This issue affects Kadence WooCommerce Email Designer: from n/a through 1.5.16...
WordPress Kadence WooCommerce Email Designer plugin <= 1.5.14 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Phan Trong Quan - VNPT Cyber Immunity in WordPress Plugin Kadence WooCommerce Email Designer versions <= 1.5.14...
WordPress plugin Kadence WooCommerce Email Designer code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...
PT-2025-1809 · Kadence Wp · Gutenberg Blocks With Ai
Name of the Vulnerable Software and Affected Versions: Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress versions up to, and including, 3.4.2 Description: The issue is related to Stored Cross-Site Scripting via a button block link due to insufficient input...
PT-2024-17665 · Kadence Wp · Gutenberg Blocks With Ai By Kadence Wp
Name of the Vulnerable Software and Affected Versions: Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress versions up to, and including, 3.2.53 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitizati...
PT-2024-37926 · Kadence Wp · Gutenberg Blocks With Ai
Name of the Vulnerable Software and Affected Versions: The Gutenberg Blocks with AI by Kadence WP versions prior to 3.2.39 Description: The issue concerns the failure to validate and escape certain block options before they are outputted in a page or post where the block is embedded. This could...
CVE-2024-4057
The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.37 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripti...
PT-2024-29734 · Kadence Wp · Gutenberg Blocks With Ai By Kadence Wp
Name of the Vulnerable Software and Affected Versions: The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress versions up to, and including, 3.2.37 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes i...
CVE-2023-47186
Cross-Site Request Forgery (CSRF) vulnerability in Kadence WP Kadence WooCommerce Email Designer plugin = 1.5.11 versions...
CVE-2022-3335
The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports, intentionally or not, a malicious file and a suitable gadget chain is present on the blog...