Kadencewp

kadencewp

29 CVEs • 4 products

Products (4)

Click to collapse

Toggle

Gutenberg Blocks With Ai

gutenberg_blocks_with_ai

Kadence Woocommerce Email Designer

kadence_woocommerce_email_designer

Starter Templates

starter_templates

Kadence Blocks Pro

kadence_blocks_pro

CVEs (29)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-6964 1Kadencewp 1Gutenberg Blocks With Ai Apr 8, 2026 Apr 9, 2024 N/A· v4 6.4 MEDIUM· v3 N/A· v2 The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.26 via the 'kadence_import_get_new_connection_dat...Show more The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.26 via the 'kadence_import_get_new_connection_data' AJAX action. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.Show less
CVE-2024-2509 1Kadencewp 1Gutenberg Blocks With Ai May 13, 2025 Apr 5, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The Gutenberg Blocks by Kadence Blocks WordPress plugin before 3.2.26 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users wi...Show more The Gutenberg Blocks by Kadence Blocks WordPress plugin before 3.2.26 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksShow less
CVE-2024-2919 1Kadencewp 1Gutenberg Blocks With Ai Apr 8, 2026 Apr 4, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CountUp Widget in all versions up to, and including, 3.2.31 due to insufficient inp...Show more The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CountUp Widget in all versions up to, and including, 3.2.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
CVE-2024-24888 1Kadencewp 1Gutenberg Blocks With Ai Apr 28, 2026 Apr 2, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Server-Side Request Forgery (SSRF) vulnerability in StellarWP Gutenberg Blocks by Kadence Blocks kadence-blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through <= 3.2.25.
CVE-2024-23500 1Kadencewp 1Gutenberg Blocks With Ai Apr 23, 2026 Mar 28, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Server-Side Request Forgery (SSRF) vulnerability in StellarWP Gutenberg Blocks by Kadence Blocks kadence-blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through <= 3.2.19.
CVE-2024-1541 1Kadencewp 1Gutenberg Blocks With Ai Apr 8, 2026 Mar 13, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the htmlTag attribute in all versions up to, and including, 3.2.23 due to insufficient...Show more The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the htmlTag attribute in all versions up to, and including, 3.2.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
CVE-2023-47186 1Kadencewp 1Kadence Woocommerce Email Designer Apr 28, 2026 Nov 6, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Kadence WP Kadence WooCommerce Email Designer plugin <= 1.5.11 versions.
CVE-2022-3679 1Kadencewp 1Starter Templates Apr 9, 2025 Jan 9, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import (intentionally or not) a malicious fil...Show more The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.Show less
CVE-2022-3335 1Kadencewp 1Kadence Woocommerce Email Designer May 9, 2025 Oct 25, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import (intentionally or not) a malicious...Show more The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.Show less