CVE-2024-24888 MEDIUM

CVE-2024-24888: WordPress Gutenberg Blocks by Kadence Blocks plugin <= 3.2.25 - Server Side Request Forgery (SSRF) vulnerability

Vendor Stellarwp

Product Gutenberg Blocks by Kadence Blocks

Weakness CWE-918 · SSRF

Published April 2, 2024

Last update April 28, 2026

View on NVD All CVEs

CVSS base score

6.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Server-Side Request Forgery (SSRF) vulnerability in StellarWP Gutenberg Blocks by Kadence Blocks kadence-blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through <= 3.2.25.

Key dates

02Disclosure timeline

April 2, 2024 CVE published

April 28, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-24888

Related vulnerabilities

04Related CVE

CVE-2026-1062 xiweicheng TMS HtmlUtil.java summary server-side request forgery CVE-2026-21294 Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918) CVE-2026-5346 huimeicloud hm_editor image-to-base64 Endpoint mcp-server.js client.get server-side request forgery CVE-2026-4623 DefaultFuction Jeson-Customer-Relationship-Management-System API Module System.php server-side request forgery CVE-2020-36884 BrightSign Digital Signage Diagnostic Web Server 8.2.26 Unauthenticated SSRF

Identifiers

CVE CVE-2024-24888

CWE CWE-918

CVSS 6.4 / MEDIUM

Affected versions

Vendor Stellarwp

Product Gutenberg Blocks by Kadence Blocks

Affected ≤ 3.2.25