Impact
The Kadence Blocks plugin for WordPress contains an authorization bypass: the AJAX actions kadence_import_process_pattern and kadence_import_process_data allow any authenticated user with contributor-level access or higher to trigger wp_upload_bits() and wp_insert_attachment() without a proper capability check. An attacker holding such an account can download remote images into the site's uploads directory and create arbitrary Media Library attachments, adding unwanted content or persisting malicious files on the site. The weakness is an instance of improper authorization (CWE-862).
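As an added illustration (not code from the Kadence Blocks plugin and not its actual fix), the following AJAX handler shows the checks whose absence the advisory describes: a nonce check, a capability check that excludes contributor-level accounts before any upload takes place, URL and file-type validation, and only then the calls to wp_upload_bits() and wp_insert_attachment(). The action name example_import_remote_image, the nonce action example_import_nonce and the url POST parameter are assumptions for this example; the WordPress functions used are the real core APIs.

```php
<?php
// Added illustrative example, not code from the Kadence Blocks plugin.
// Action name, nonce action and the "url" parameter are assumptions.

add_action( 'wp_ajax_example_import_remote_image', 'example_import_remote_image' );

function example_import_remote_image() {
    // 1. CSRF protection: the request must carry a nonce issued to this user.
    check_ajax_referer( 'example_import_nonce', 'nonce' );

    // 2. Authorization: in a default install contributors lack upload_files,
    //    so this one check rejects the role the advisory describes.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Input validation: only sanitized http(s) URLs are accepted.
    $url    = isset( $_POST['url'] ) ? esc_url_raw( wp_unslash( $_POST['url'] ) ) : '';
    $scheme = wp_parse_url( $url, PHP_URL_SCHEME );
    if ( '' === $url || ! in_array( $scheme, array( 'http', 'https' ), true ) ) {
        wp_send_json_error( array( 'message' => 'Invalid URL.' ), 400 );
    }

    // 4. Bounded fetch: wp_safe_remote_get() rejects URLs that resolve to
    //    private or local hosts, and the size/timeout limits cap resource use.
    $response = wp_safe_remote_get(
        $url,
        array( 'timeout' => 10, 'limit_response_size' => 5 * MB_IN_BYTES )
    );
    if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
        wp_send_json_error( array( 'message' => 'Download failed.' ), 502 );
    }
    $body = wp_remote_retrieve_body( $response );

    // 5. File-type restriction: derive a safe file name from the URL path and
    //    let WordPress map its extension to an allowed MIME type; accept images only.
    $filename = sanitize_file_name( wp_basename( (string) wp_parse_url( $url, PHP_URL_PATH ) ) );
    $filetype = wp_check_filetype( $filename );
    if ( empty( $filetype['type'] ) || 0 !== strpos( $filetype['type'], 'image/' ) ) {
        wp_send_json_error( array( 'message' => 'Only image files are accepted.' ), 415 );
    }

    // 6. Only now write into the uploads directory and create the attachment.
    $upload = wp_upload_bits( $filename, null, $body );
    if ( ! empty( $upload['error'] ) ) {
        wp_send_json_error( array( 'message' => $upload['error'] ), 500 );
    }

    $attachment_id = wp_insert_attachment(
        array(
            'post_mime_type' => $filetype['type'],
            'post_title'     => sanitize_text_field( pathinfo( $filename, PATHINFO_FILENAME ) ),
            'post_status'    => 'inherit',
        ),
        $upload['file']
    );
    // wp_insert_attachment() returns 0 on failure unless asked for a WP_Error.
    if ( ! $attachment_id ) {
        wp_send_json_error( array( 'message' => 'Could not create attachment.' ), 500 );
    }

    wp_send_json_success( array( 'attachment_id' => $attachment_id, 'url' => $upload['url'] ) );
}
```

The ordering matters: the nonce and capability checks run before any network or filesystem activity, so an unauthorized request never reaches wp_upload_bits(). Note that wp_check_filetype() judges by extension only; a stricter deployment can additionally run wp_check_filetype_and_mime() on the written file and delete it if the content does not match.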
Affected Systems
The vulnerability affects the Kadence Blocks – Page Builder Toolkit for Gutenberg Editor plugin from stellarwp, versions up to and including 3.7.7. Any WordPress site running one of these versions and not yet updated to a patched release is at risk.
Risk and Exploitability
The CVSS score is 4.3, and the EPSS score is not available. The flaw is not listed in the CISA KEV catalog. Exploitation requires an authenticated account with the contributor role or higher; the flaw does not bypass authentication and is not a privilege escalation. The primary risk is the ability to inject unwanted media, which could be used for social engineering or to host malicious resources on the site.
OpenCVE Enrichment