Description
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.7.5 via the editor_assets_variables. This makes it possible for authenticated attackers, with contributor-level access and above, to extract the site's connected Kadence account license key, license owner email, api_key, api_email, and license domain from the browser console by inspecting window.kadence_blocks_params.proData. Exploitation requires only that an administrator has previously connected a valid Kadence license; the full credential bundle is then readable by any Contributor-level user from the block editor client context without any server-side request manipulation.
Published: 2026-06-18
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Kadence Blocks plugin for WordPress contains a flaw in how it exposes editor assets. The editor_assets_variables includes a proData object that is injected into the browser as window.kadence_blocks_params. An authenticated user with contributor‑level permissions can open the block editor and inspect the console to read the entire proData payload, which contains the site’s Kadence license key, owner email, API key, API email, and license domain. This represents a sensitive information exposure; no additional exploitation or privilege escalation is required beyond existing contributor access.

Affected Systems

The vulnerability affects the Kadence Blocks – Page Builder Toolkit for Gutenberg Editor plugin, developed by stellarwp, versions 3.7.5 and earlier. Anyone running a WordPress site that has installed Kadence Blocks up to and including 3.7.5, and has an administrator previously connected a valid Kadence license, is impacted. The bug is client‑side only; it does not require any server‑side manipulation or network traffic.

Risk and Exploitability

The CVSS score of 4.3 indicates a moderate severity. The EPSS score is below 1%, implying a very low current probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Because the flaw is purely informational and requires only contributor‑level access to the block editor, it is easy to exploit for any user who is already able to edit content. Attackers can simply open the block editor, view the browser console, and retrieve the sensitive key bundle.

Generated by OpenCVE AI on June 18, 2026 at 17:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Kadence Blocks to the latest release (version 3.7.6 or newer).
  • If an immediate upgrade is not possible, remove or obfuscate the proData parameter from the client‑side configuration so that the license details are no longer exposed in the browser.
  • Limit contributor‑level users from accessing the block editor, or configure WordPress permissions so that only administrators or privileged roles can use the editor, thereby preventing them from viewing the proData object.

Generated by OpenCVE AI on June 18, 2026 at 17:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Stellarwp
Stellarwp kadence Blocks — Page Builder Toolkit For Gutenberg Editor
Wordpress
Wordpress wordpress
Vendors & Products Stellarwp
Stellarwp kadence Blocks — Page Builder Toolkit For Gutenberg Editor
Wordpress
Wordpress wordpress

Thu, 18 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.7.5 via the editor_assets_variables. This makes it possible for authenticated attackers, with contributor-level access and above, to extract the site's connected Kadence account license key, license owner email, api_key, api_email, and license domain from the browser console by inspecting window.kadence_blocks_params.proData. Exploitation requires only that an administrator has previously connected a valid Kadence license; the full credential bundle is then readable by any Contributor-level user from the block editor client context without any server-side request manipulation.
Title Kadence Blocks <= 3.7.5 - Authenticated (Contributor+) Sensitive Information Exposure via Block Editor proData Localization
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Stellarwp Kadence Blocks — Page Builder Toolkit For Gutenberg Editor
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-06-18T13:03:42.940Z

Reserved: 2026-06-05T11:33:21.779Z

Link: CVE-2026-11357

cve-icon Vulnrichment

Updated: 2026-06-18T13:03:37.474Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T20:15:04Z

Weaknesses
  • CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor