VYPR
Vendor

Kadencewp

Products
3
CVEs
31
Across products
32
Status
Private

Products

3

Recent CVEs

31
View all 31 CVEs →
  • CVE-2025-39557CriApr 16, 2025
    risk 0.59cvss 9.1epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in StellarWP Kadence WooCommerce Email Designer kadence-woocommerce-email-designer allows Upload a Web Shell to a Web Server.This issue affects Kadence WooCommerce Email Designer: from n/a through <= 1.5.14.

  • CVE-2023-6964HigApr 9, 2024
    risk 0.55cvss 8.5epss 0.00

    The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.26 via the 'kadence_import_get_new_connection_data' AJAX action. This makes it possible for authenticated…

  • CVE-2024-23500HigMar 28, 2024
    risk 0.50cvss 7.7epss 0.01

    Server-Side Request Forgery (SSRF) vulnerability in StellarWP Gutenberg Blocks by Kadence Blocks kadence-blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through <= 3.2.19.

  • CVE-2025-54697HigAug 14, 2025
    risk 0.47cvss 7.2epss 0.00

    Incorrect Privilege Assignment vulnerability in StellarWP Kadence WooCommerce Email Designer kadence-woocommerce-email-designer allows Privilege Escalation.This issue affects Kadence WooCommerce Email Designer: from n/a through <= 1.5.16.

  • CVE-2024-5289MedJun 27, 2024
    risk 0.42cvss 6.4epss 0.00

    The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget parameters in all versions up to, and including, 3.2.42 due to insufficient input sanitization and output escaping.…

  • CVE-2024-4208MedMay 15, 2024
    risk 0.42cvss 6.4epss 0.00

    The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the typer effect in the advanced heading widget in all versions up to, and including, 3.2.37 due to insufficient input sanitization and…

  • CVE-2024-2273MedMay 2, 2024
    risk 0.42cvss 6.4epss 0.00

    The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 3.2.34 due to insufficient input sanitization and output escaping. This makes it…

  • CVE-2024-1999MedApr 9, 2024
    risk 0.42cvss 6.4epss 0.01

    The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Widget's anchor style parameter in all versions up to, and including, 3.2.25 due to insufficient input sanitization and output…

  • CVE-2024-24888MedApr 2, 2024
    risk 0.42cvss 6.4epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in StellarWP Gutenberg Blocks by Kadence Blocks kadence-blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through <= 3.2.25.

  • CVE-2024-1541MedMar 13, 2024
    risk 0.42cvss 6.4epss 0.01

    The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the htmlTag attribute in all versions up to, and including, 3.2.23 due to insufficient input sanitization and output escaping. This makes it…

  • CVE-2025-13387HigDec 2, 2025
    risk 0.40cvss 7.2epss 0.00

    The Kadence WooCommerce Email Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer name in all versions up to, and including, 1.5.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated…

  • CVE-2024-5819MedJun 29, 2024
    risk 0.35cvss 6.4epss 0.00

    The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 3.2.45 due to insufficient input sanitization and output escaping on…

  • CVE-2024-4863MedJun 14, 2024
    risk 0.35cvss 6.4epss 0.00

    The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This…

  • CVE-2024-4481MedMay 14, 2024
    risk 0.35cvss 6.4epss 0.00

    The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the plugin's blocks in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2024-4209MedMay 14, 2024
    risk 0.35cvss 6.4epss 0.00

    The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown timer in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2024-2919MedApr 4, 2024
    risk 0.35cvss 6.4epss 0.00

    The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CountUp Widget in all versions up to, and including, 3.2.31 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2024-0598MedApr 9, 2024
    risk 0.29cvss 4.4epss 0.01

    The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form message settings in all versions up to and including 3.2.17 due to insufficient input sanitization and output escaping. This…

  • CVE-2026-2633MedFeb 18, 2026
    risk 0.28cvss 4.3epss 0.00

    The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the `process_image_data_ajax_callback()` function which handles the…

  • CVE-2026-1857MedFeb 18, 2026
    risk 0.28cvss 4.3epss 0.00

    The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.6.1. This is due to insufficient validation of the `endpoint` parameter in the `get_items()` function of the GetResponse REST API…

  • CVE-2025-24753MedJan 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in StellarWP Gutenberg Blocks by Kadence Blocks kadence-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through <= 3.3.1.