186 matches found
CVE-2026-11357
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.7.5 via the editorassetsvariables. This makes it possible for authenticated attackers, with contributor-level access and abov...
EUVD-2026-37843
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.7.5 via the editorassetsvariables. This makes it possible for authenticated attackers, with contributor-level access and abov...
CVE-2026-11357
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress (versions up to and including 3.7.5) contains a Sensitive Information Exposure flaw in editor_assets_variables. Authenticated attackers with contributor-level access can extract license key, license owner email, a...
WordPress Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin <= 3.7.5 - Authenticated (Contributor+) Sensitive Information Exposure vulnerability
Authenticated Contributor+ Sensitive Information Exposure vulnerability discovered by se1en in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.7.5...
WordPress Kadence Blocks - Page Builder Toolkit for Gutenberg Editor plugin <= 3.6.3 - Missing Authorization to Authenticated (Contributor+) Media Upload vulnerability
WordPress Kadence Blocks - Page Builder Toolkit for Gutenberg Editor plugin = 3.6.3 - Missing Authorization to Authenticated Contributor+ Media Upload vulnerability discovered by lucsob in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.6.3...
WordPress Kadence Blocks - Page Builder Toolkit for Gutenberg Editor plugin <= 3.6.3 - Missing Authorization to Authenticated (Contributor+) Media Upload vulnerability
WordPress Kadence Blocks - Page Builder Toolkit for Gutenberg Editor plugin = 3.6.3 - Missing Authorization to Authenticated Contributor+ Media Upload vulnerability discovered by lucsob in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.6.3...
CVE-2026-2826
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user has the uploadfiles capability in the processpattern REST API endpoin...
EUVD-2026-18985
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user has the uploadfiles capability in the processpattern REST API endpoin...
CVE-2026-2826
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user has the uploadfiles capability in the processpattern REST API endpoin...
CVE-2026-2826
CVE-2026-2826 affects Kadence Blocks — Page Builder Toolkit for Gutenberg Editor (WordPress). Root cause: the process_pattern REST endpoint does not properly verify the user’s upload_files capability, causing an authorization bypass. Impact: authenticated attackers with contributor level or highe...
CVE-2026-2826 Kadence Blocks — Page Builder Toolkit for Gutenberg Editor <= 3.6.3 - Missing Authorization to Authenticated (Contributor+) Media Upload
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user has the uploadfiles capability in the processpattern REST API endpoin...
CVE-2026-2826 Kadence Blocks — Page Builder Toolkit for Gutenberg Editor <= 3.6.3 - Missing Authorization to Authenticated (Contributor+) Media Upload
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user has the uploadfiles capability in the processpattern REST API endpoin...
CVE-2026-2826
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user has the uploadfiles capability in the processpattern REST API endpoin...
PT-2026-30315
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user has the upload files capability in the process pattern REST API...
WordPress plugin Kadence Blocks — Page Builder Toolkit for Gutenberg Editor 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2026-2608
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.32. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2026-2633
The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the processimagedataajaxcallback function which handles the kadenceimportprocessimagedata AJAX action. T...
CVE-2026-1857
The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.6.1. This is due to insufficient validation of the endpoint parameter in the getitems function of the GetResponse REST API handler. The endpoint's...
CVE-2026-2633
Summary (CVE-2026-2633) The Gutenberg Blocks with AI by Kadence WP plugin for WordPress (Kadence Blocks) is affected up to version 3.6.1. The vulnerability arises from a missing capability check in the AJAX handler kadence_import_process_image_data, where authorization relies only on edit_posts a...
CVE-2026-2633 Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload
The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the processimagedataajaxcallback function which handles the kadenceimportprocessimagedata AJAX action. T...