Kadence Blocks — Page Builder Toolkit for Gutenberg Editor — Plugin Vulnerabilities

N/A

2026-02-10< 3.6.0

Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.5.32 - Incorrect Authorization to Authenticated (Contributor+) Post Publication

Wordfence

N/A

2026-02-11< 3.6.0

Gutenberg Blocks by Kadence Blocks <= 3.5.32 - Missing Authorization

Wordfence CVE

N/A

2026-02-17< 3.6.2

Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'endpoint' Parameter

Wordfence CVE

N/A

2026-02-17< 3.6.2

Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload

Wordfence CVE

N/A

2026-04-03< 3.6.4

Kadence Blocks — Page Builder Toolkit for Gutenberg Editor <= 3.6.3 - Missing Authorization to Authenticated (Contributor+) Media Upload

Wordfence CVE

Medium 6.4

2025-07-09< 3.5.11

Kadence Blocks – Gutenberg Blocks for Page Builder Features <= 3.5.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via `redirectURL` Parameter

EUVD Wordfence CVE

Medium 6.4

2025-03-01< 3.4.10

Gutenberg Blocks by Kadence Blocks <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'icon'

EUVD Wordfence CVE

Medium 4.3

2025-01-24< 3.3.2

CVE-2025-24753

CVE Wordfence EUVD

Medium 6.4

2025-01-11< 3.4.3

CVE-2024-12304

CVE Wordfence

Medium 4.4

2024-12-13< 3.2.54

CVE-2024-12581

CVE Wordfence

Medium 5.4

2024-12-12< 3.2.54

CVE-2024-10637

CVE Patchstack Wordfence

Medium 6.4

2024-11-21< 3.3.4

CVE-2024-10785

CVE Patchstack Wordfence

Medium 5.4

2024-11-01< 3.3.2

CVE-2024-9655

CVE Patchstack Wordfence

Medium 5.4

2024-08-08< 3.2.39

CVE-2024-6884

CVE Patchstack Wordfence

Medium 5.4

2024-07-01< 3.2.46

WordPress Gutenberg Blocks by Kadence Blocks Plugin <= 3.2.45 is vulnerable to Cross Site Scripting (XSS)

Patchstack CVE Wordfence

Medium 5.4

2024-06-27< 3.2.43

CVE-2024-5289

CVE Wordfence Patchstack

Medium 5.4

2024-06-14< 3.2.39

CVE-2024-4863

CVE Patchstack Wordfence

Medium 6.1

2024-06-04< 3.2.37

CVE-2024-4057

CVE Patchstack Wordfence

Medium 5.4

2024-05-15< 3.2.38

CVE-2024-4208

CVE Wordfence

Medium 5.4

2024-05-15< 3.2.38

CVE-2024-3189

CVE Patchstack Wordfence

Medium 5.4

2024-05-11< 3.2.37

CVE-2024-4209

CVE Wordfence

Medium 5.4

2024-05-10< 3.2.37

CVE-2024-4481

CVE Patchstack Wordfence

Medium 5.4

2024-05-02< 3.2.35

CVE-2024-2273

CVE Wordfence Patchstack

Medium 6.4

2024-04-09< 3.2.12

CVE-2023-6964

CVE Wordfence Patchstack

Medium 6.5

2024-04-05< 3.2.26

CVE-2024-2509

CVE Patchstack WPScan WPScan

Medium 5.4

2024-04-04< 3.2.32

CVE-2024-2919

CVE Wordfence Patchstack

Medium 4.8

2024-04-09< 3.2.18

CVE-2024-0598

CVE Wordfence Patchstack WPScan

Medium 6.4

2024-04-02< 3.2.26

CVE-2024-24888

CVE Wordfence Patchstack WPScan

High 7.7

2024-03-28< 3.2.20

CVE-2024-23500

CVE Wordfence Patchstack

N/A

2024-04-09< 3.2.26

CVE-2024-2866

CVE Wordfence

Medium 5.4

2024-04-09< 3.2.26

CVE-2024-1999

CVE Wordfence Patchstack WPScan

Medium 5.4

2024-03-13< 3.2.24

CVE-2024-1541

CVE Wordfence Patchstack WPScan

N/A

2023-08-09< 3.1.11

WordPress Gutenberg Blocks by Kadence Blocks Plugin <= 3.1.10 is vulnerable to Arbitrary File Upload

Patchstack

N/A

2023-08-09< 3.1.11

Kadence Blocks <= 3.1.10 - Unauthenticated Arbitrary File Upload

Wordfence