"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 3
Critical: 0
High: 0
Medium: 3
Showing 1-3 of 3 records

Threat Entry Updated 2026-04-15

CVE-2026-2633 - Kadence Blocks — Page Builder Toolkit for Gutenberg Editor Plugin

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the `process_image_data_ajax_callback()` function which handles the `kadence_import_process_image_data` AJAX action. The function's authorization check via `verify_ajax_call()` only validates `edit_posts` capability but fails to check for the `upload_files` capability. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary images from remote URLs to the WordPress Media Library, bypassing the standard WordPress capability restriction…

PLUGIN Kadence Blocks — Page Builder Toolkit for Gutenberg Editor

CVE-2026-2633

MEDIUM CVSS 4.3 2026-02-18

Threat Entry Updated 2026-04-15

CVE-2026-1857 - Kadence Blocks — Page Builder Toolkit for Gutenberg Editor Plugin

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.6.1. This is due to insufficient validation of the `endpoint` parameter in the `get_items()` function of the GetResponse REST API handler. The endpoint's permission check only requires `edit_posts` capability (Contributor role) rather than `manage_options` (Administrator). This makes it possible for authenticated attackers, with Contributor-level access and above, to make server-side requests to arbitrary endpoints on the configured GetResponse API server, retrieving sensitive data such as contacts,…

PLUGIN Kadence Blocks — Page Builder Toolkit for Gutenberg Editor

CVE-2026-1857

MEDIUM CVSS 4.3 2026-02-18

Threat Entry Updated 2026-04-15

CVE-2026-2608 - Kadence Blocks — Page Builder Toolkit for Gutenberg Editor Plugin

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.32. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unauthorized action.

PLUGIN Kadence Blocks — Page Builder Toolkit for Gutenberg Editor

CVE-2026-2608

MEDIUM CVSS 4.3 2026-02-17