WordPress plugin Kadence Blocks — Page Builder Toolkit for Gutenberg Editor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

WordPress Gutenberg Blocks with AI by Kadence WP plugin <= 3.6.1 - Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload vulnerability

Missing Authorization to Authenticated Contributor+ Unauthorized Media Upload vulnerability discovered by Ali Sünbül in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.6.1...

WordPress Gutenberg Blocks by Kadence Blocks plugin <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'icon' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'icon' vulnerability discovered by stealthcopter in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.4.9...

CVE-2024-3189

The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advanced Gallery' blocks in all versions up to, and including,...

CVE-2024-4208 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typer Effect

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the typer effect in the advanced heading widget in all versions up to, and including, 3.2.37 due to insufficient input sanitization and output escaping on user...

WordPress Gutenberg Blocks by Kadence Blocks Plugin <= 3.2.31 is vulnerable to Cross Site Scripting (XSS)

Software Gutenberg Blocks by Kadence Blocks Type Plugin Vulnerable versions = 3.2.31 Fixed in 3.2.32 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2919 Patch priority Low CVSS severity Low 6.5 Developer KadenceWP PSID 67f4bc4f06d9 Credits Webbernau...

WordPress Gutenberg Blocks by Kadence Blocks Plugin <= 3.2.25 is vulnerable to Server Side Request Forgery (SSRF)

Software Gutenberg Blocks by Kadence Blocks Type Plugin Vulnerable versions = 3.2.25 Fixed in 3.2.26 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2024-24888 Patch priority Low CVSS severity Low 6.4 Developer KadenceWP PSID ca4cec35c250...