Description
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with contributor-level access and above, to create arbitrary Media Library attachments by downloading remote images to the site's uploads directory via wp_upload_bits() and wp_insert_attachment(), bypassing the upload_files capability boundary.
Published: 2026-07-01
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Kadence Blocks plugin for WordPress contains an authorization bypass where the AJAX actions kadence_import_process_pattern and kadence_import_process_data allow any authenticated user with contributor-level access or higher to execute wp_upload_bits() and wp_insert_attachment() without proper capability checks. This flaw enables an attacker to download remote images into the site’s uploads directory and create arbitrary Media Library attachments, effectively allowing the addition of unwanted content or the persistence of malicious files. The weakness is an instance of improper authorization (CWE-862).

Affected Systems

The vulnerability affects the Kadence Blocks – Page Builder Toolkit for Gutenberg Editor plugin from stellarwp, versions up to and including 3.7.7. Any WordPress site running an unpatched version of this plugin is at risk.

Risk and Exploitability

The CVSS score is 4.3, and the EPSS score is not available. The flaw is not listed in the CISA KEV catalog. Exploitation requires an authenticated user with the contributor role or higher; it is not an unauthenticated remote attack and does not bypass authentication or escalate privileges. The risk is primarily the ability to inject unwanted media content, which could be leveraged for social engineering or to host malicious resources.

Generated by OpenCVE AI on July 1, 2026 at 15:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Kadence Blocks to the latest version (3.7.8 or newer), which implements proper authorization checks for the vulnerable AJAX actions.
  • If an immediate upgrade is not possible, restrict contributor and lower roles from calling the vulnerable AJAX endpoints by adding a capability check (current_user_can('upload_files')) before any file operation is executed.
  • To rule out exploitation until the official patch is applied, disable the Kadence Blocks plugin or remove the specific AJAX handlers entirely.
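One way to apply the interim capability check from the second recommendation, written as a WordPress must-use plugin. This is an added example, not Kadence's or OpenCVE's code; it assumes the two handlers are hooked on the standard wp_ajax_{action} hooks at the default priority, and the function names and error message are constructed here.

```php
<?php
/**
 * Plugin Name: Kadence import capability gate (added example, hypothetical workaround)
 * Description: Rejects the two advisory-listed AJAX actions for users lacking upload_files.
 * Drop this file into wp-content/mu-plugins/ so it loads before regular plugins.
 */

// The two AJAX actions named in the advisory title.
const KADENCE_IMPORT_GATED_ACTIONS = array(
    'kadence_import_process_pattern',
    'kadence_import_process_data',
);

/**
 * Abort the request unless the current user holds the upload_files capability,
 * i.e. the same boundary wp_upload_bits()/wp_insert_attachment() callers should respect.
 */
function kadence_import_gate_require_upload_files() {
    if ( ! current_user_can( 'upload_files' ) ) {
        // wp_send_json_error() emits the JSON body and terminates the request,
        // so the plugin's own handler at priority 10 never runs.
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }
}

// Priority 1 places the check ahead of the plugin's handler (default priority 10).
// Assumption: the plugin registers its handlers on wp_ajax_{action}, the core hook
// for authenticated admin-ajax.php requests.
foreach ( KADENCE_IMPORT_GATED_ACTIONS as $kadence_import_gated_action ) {
    add_action( 'wp_ajax_' . $kadence_import_gated_action, 'kadence_import_gate_require_upload_files', 1 );
}
```

Because the gate only blocks callers without upload_files, editors and administrators keep the import functionality while contributors are denied.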


Advisories

No advisories yet.

History

Wed, 01 Jul 2026 15:30:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Stellarwp
                                      Stellarwp kadence Blocks — Page Builder Toolkit For Gutenberg Editor
                                      Wordpress
                                      Wordpress wordpress
Vendors & Products                    Stellarwp
                                      Stellarwp kadence Blocks — Page Builder Toolkit For Gutenberg Editor
                                      Wordpress
                                      Wordpress wordpress

Wed, 01 Jul 2026 11:30:00 +0000

Type      Values Removed   Values Added
Metrics                    ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 01 Jul 2026 05:00:00 +0000

Type          Values Removed   Values Added
Description                    The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with contributor-level access and above, to create arbitrary Media Library attachments by downloading remote images to the site's uploads directory via wp_upload_bits() and wp_insert_attachment(), bypassing the upload_files capability boundary.
Title                          Kadence Blocks <= 3.7.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary Media Attachment Creation via kadence_import_process_pattern/kadence_import_process_data AJAX Actions
Weaknesses                     CWE-862
References
Metrics                        cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


Subscriptions

Stellarwp Kadence Blocks — Page Builder Toolkit For Gutenberg Editor
Wordpress Wordpress
MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-07-01T10:32:05.956Z

Reserved: 2026-06-22T14:18:49.277Z

Link: CVE-2026-12902

Vulnrichment

Updated: 2026-07-01T10:31:00.530Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T15:15:04Z

Weaknesses