4 matches found
WordPress Kadence Blocks - Page Builder Toolkit for Gutenberg Editor plugin <= 3.6.3 - Missing Authorization to Authenticated (Contributor+) Media Upload vulnerability
WordPress Kadence Blocks - Page Builder Toolkit for Gutenberg Editor plugin = 3.6.3 - Missing Authorization to Authenticated Contributor+ Media Upload vulnerability discovered by lucsob in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.6.3...
CVE-2026-2826
CVE-2026-2826 affects Kadence Blocks — Page Builder Toolkit for Gutenberg Editor (WordPress). Root cause: the process_pattern REST endpoint does not properly verify the user’s upload_files capability, causing an authorization bypass. Impact: authenticated attackers with contributor level or highe...
CVE-2026-2826 Kadence Blocks — Page Builder Toolkit for Gutenberg Editor <= 3.6.3 - Missing Authorization to Authenticated (Contributor+) Media Upload
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user has the uploadfiles capability in the processpattern REST API endpoin...
WordPress plugin Kadence Blocks — Page Builder Toolkit for Gutenberg Editor 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...