What the vulnerability does
01 Description
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user has the `upload_files` capability in the `process_pattern` REST API endpoint. This makes it possible for authenticated attackers, with contributor level access and above, to upload images to the WordPress Media Library by supplying remote image URLs that the server downloads and creates as media attachments.
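The defect described above is a REST route whose permission check does not match the side effect of its handler: downloading a remote URL into the Media Library is an upload, so the route has to require the `upload_files` capability, which Contributors do not hold. The snippet below is an added illustration, not the plugin's own code; the `example/v1` namespace, the `image_url` parameter and all `example_*` function names are hypothetical. It shows the weak registration (any logged-in user passes the `permission_callback`) beside the hardened one, using only WordPress core functions (`register_rest_route`, `current_user_can`, `wp_http_validate_url`, `media_sideload_image`).

```php
<?php
/*
 * Added illustration (not Kadence Blocks' own code): gating a WordPress REST
 * route that sideloads a remote image into the Media Library.
 * Route namespace, parameter name and function names are hypothetical.
 */

// Weak: the route is reachable by any authenticated user, so a Contributor
// (who lacks upload_files) can drive the sideload logic below.
function example_register_weak_route() {
    register_rest_route( 'example/v1', '/process_pattern', array(
        'methods'             => 'POST',
        'callback'            => 'example_process_pattern',
        'permission_callback' => 'is_user_logged_in',
    ) );
}

// Hardened: the permission check names the capability the handler's side
// effect actually needs, and the URL argument is validated before use.
function example_register_hardened_route() {
    register_rest_route( 'example/v1', '/process_pattern', array(
        'methods'             => 'POST',
        'callback'            => 'example_process_pattern',
        'permission_callback' => function () {
            return current_user_can( 'upload_files' );
        },
        'args' => array(
            'image_url' => array(
                'required'          => true,
                'validate_callback' => function ( $value ) {
                    // Rejects non-http(s) schemes and malformed URLs.
                    return false !== wp_http_validate_url( $value );
                },
            ),
        ),
    ) );
}

function example_process_pattern( WP_REST_Request $request ) {
    // Defence in depth: re-check inside the handler so a future route
    // re-registration without the permission_callback still fails closed.
    if ( ! current_user_can( 'upload_files' ) ) {
        return new WP_Error(
            'rest_forbidden',
            'You are not allowed to upload files.',
            array( 'status' => 403 )
        );
    }

    // media_sideload_image() lives in wp-admin and needs these includes
    // when called from a REST request.
    require_once ABSPATH . 'wp-admin/includes/media.php';
    require_once ABSPATH . 'wp-admin/includes/file.php';
    require_once ABSPATH . 'wp-admin/includes/image.php';

    $url = esc_url_raw( $request->get_param( 'image_url' ) );

    // Downloads the remote file and creates an attachment; 'id' returns the
    // attachment ID instead of an <img> tag.
    $attachment_id = media_sideload_image( $url, 0, null, 'id' );
    if ( is_wp_error( $attachment_id ) ) {
        return $attachment_id;
    }

    return rest_ensure_response( array( 'attachment_id' => $attachment_id ) );
}

add_action( 'rest_api_init', 'example_register_hardened_route' );
```

The check a site owner can run against any plugin route is the same as the one the hardened version encodes: for every `register_rest_route` call, the `permission_callback` must require the most specific capability the handler's side effect needs, not merely `is_user_logged_in` or `__return_true`. A handler that writes to the Media Library should fail with HTTP 403 for a Contributor and succeed only for roles that hold `upload_files`.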
Explanation of Vulnerability in Simple Terms
02 Summary
Kadence Blocks versions 3.6.3 and earlier lack proper authorization checks on certain administrative functions. A logged-in user with low privileges can modify site content or settings they should not have access to. The vulnerability requires an active WordPress user account but no special interaction from other users.
What an attacker can do
03 Attacker Capabilities
Modify site content or settings without proper permission.
Potential impact on your site
04 Site Impact
Unauthorized users can alter page layouts, blocks, or site configuration through Kadence Blocks.
Conditions required to exploit
05 Prerequisites
Attacker must have a low-privilege WordPress user account (e.g., Contributor or Subscriber).
Key dates
06 Disclosure timeline
April 4, 2026: CVE published
April 8, 2026: Record updated