CVE-2025-5678

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘redirectURL’ parameter in all versions up to, and including, 3.5.10 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-12304

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via button block link in all versions up to, and including, 3.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

PT-2024-17665 · Kadence Wp · Gutenberg Blocks With Ai By Kadence Wp

Name of the Vulnerable Software and Affected Versions: Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress versions up to, and including, 3.2.53 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitizati...

CVE-2024-10785

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Countdown' widget in all versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-10785 Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Countdown' widget in all versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-4863

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-3189

CVE-2024-3189 affects Gutenberg Blocks by Kadence Blocks – Page Builder Features for WordPress. All versions ≤ 3.2.37 are vulnerable to Stored XSS via the plugin blocks (Testimonial, Progress Bar, Lottie Animations, Row Layout, Google Maps, Advanced Gallery) due to insufficient input sanitization...

CVE-2024-4209

The vulnerability CVE-2024-4209 affects Gutenberg Blocks with AI by Kadence Blocks – Page Builder Features for WordPress. It is a Stored Cross-Site Scripting (XSS) via the countdown timer in versions up to 3.2.36, caused by insufficient input sanitization and output escaping on user-supplied attr...

CVE-2024-2273

The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 3.2.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2024-0598

The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form message settings in all versions up to and including 3.2.17 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-2919

The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CountUp Widget in all versions up to, and including, 3.2.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

CVE-2024-2919

The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CountUp Widget in all versions up to, and including, 3.2.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

Gutenberg Blocks by Kadence Blocks – Page Builder Features < 3.2.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown and CountUp Widget

Description The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown and CountUp Widget in all versions up to, and including, 3.2.31 due to insufficient input sanitization and output escaping on user supplie...

CVE-2024-1541

The Gutenberg Blocks by Kadence Blocks – Page Builder Features WordPress plugin (up to version 3.2.23) is affected by a Stored Cross-Site Scripting vulnerability via the htmlTag attribute due to insufficient input sanitization and output escaping. Exploitation requires authentication with Contrib...