CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
What the vulnerability does
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.32. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unauthorized action.
Explanation of Vulnerability in Simple Terms
Kadence Blocks contains an authorization flaw that allows authenticated users with low privileges to modify content they should not have access to. The vulnerability affects all versions up to 3.5.32. An attacker with a basic user account can alter site data without proper permission checks. Update to a version newer than 3.5.32 to resolve this issue.
What an attacker can do
Modify site content or settings without proper authorization.
Potential impact on your site
Unauthorized users can alter pages, blocks, or settings they should not be able to edit.
Conditions required to exploit
Attacker must have a low-privilege user account on the site.
Key dates
External resources
Related vulnerabilities
