Vendor CVEs
Kadencewp
All CVEs
31 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-39557 | Cri | 0.59 | 9.1 | 0.01 | Apr 16, 2025 | Unrestricted Upload of File with Dangerous Type vulnerability in StellarWP Kadence WooCommerce Email Designer kadence-woocommerce-email-designer allows Upload a Web Shell to a Web Server.This issue affects Kadence WooCommerce Email Designer: from n/a through <= 1.5.14. | ||
| CVE-2023-6964 | Hig | 0.55 | 8.5 | 0.00 | Apr 9, 2024 | The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.26 via the 'kadence_import_get_new_connection_data' AJAX action. This makes it possible for authenticated… | ||
| CVE-2024-23500 | Hig | 0.50 | 7.7 | 0.01 | Mar 28, 2024 | Server-Side Request Forgery (SSRF) vulnerability in StellarWP Gutenberg Blocks by Kadence Blocks kadence-blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through <= 3.2.19. | ||
| CVE-2025-54697 | Hig | 0.47 | 7.2 | 0.00 | Aug 14, 2025 | Incorrect Privilege Assignment vulnerability in StellarWP Kadence WooCommerce Email Designer kadence-woocommerce-email-designer allows Privilege Escalation.This issue affects Kadence WooCommerce Email Designer: from n/a through <= 1.5.16. | ||
| CVE-2024-5289 | Med | 0.42 | 6.4 | 0.00 | Jun 27, 2024 | The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget parameters in all versions up to, and including, 3.2.42 due to insufficient input sanitization and output escaping.… | ||
| CVE-2024-4208 | Med | 0.42 | 6.4 | 0.00 | May 15, 2024 | The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the typer effect in the advanced heading widget in all versions up to, and including, 3.2.37 due to insufficient input sanitization and… | ||
| CVE-2024-2273 | Med | 0.42 | 6.4 | 0.00 | May 2, 2024 | The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 3.2.34 due to insufficient input sanitization and output escaping. This makes it… | ||
| CVE-2024-1999 | Med | 0.42 | 6.4 | 0.01 | Apr 9, 2024 | The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Widget's anchor style parameter in all versions up to, and including, 3.2.25 due to insufficient input sanitization and output… | ||
| CVE-2024-24888 | Med | 0.42 | 6.4 | 0.00 | Apr 2, 2024 | Server-Side Request Forgery (SSRF) vulnerability in StellarWP Gutenberg Blocks by Kadence Blocks kadence-blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through <= 3.2.25. | ||
| CVE-2024-1541 | Med | 0.42 | 6.4 | 0.01 | Mar 13, 2024 | The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the htmlTag attribute in all versions up to, and including, 3.2.23 due to insufficient input sanitization and output escaping. This makes it… | ||
| CVE-2025-13387 | Hig | 0.40 | 7.2 | 0.00 | Dec 2, 2025 | The Kadence WooCommerce Email Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer name in all versions up to, and including, 1.5.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated… | ||
| CVE-2024-5819 | Med | 0.35 | 6.4 | 0.00 | Jun 29, 2024 | The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 3.2.45 due to insufficient input sanitization and output escaping on… | ||
| CVE-2024-4863 | Med | 0.35 | 6.4 | 0.00 | Jun 14, 2024 | The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This… | ||
| CVE-2024-4481 | Med | 0.35 | 6.4 | 0.00 | May 14, 2024 | The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the plugin's blocks in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied… | ||
| CVE-2024-4209 | Med | 0.35 | 6.4 | 0.00 | May 14, 2024 | The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown timer in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied… | ||
| CVE-2024-2919 | Med | 0.35 | 6.4 | 0.00 | Apr 4, 2024 | The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CountUp Widget in all versions up to, and including, 3.2.31 due to insufficient input sanitization and output escaping on user supplied… | ||
| CVE-2024-0598 | Med | 0.29 | 4.4 | 0.01 | Apr 9, 2024 | The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form message settings in all versions up to and including 3.2.17 due to insufficient input sanitization and output escaping. This… | ||
| CVE-2026-2633 | Med | 0.28 | 4.3 | 0.00 | Feb 18, 2026 | The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the `process_image_data_ajax_callback()` function which handles the… | ||
| CVE-2026-1857 | Med | 0.28 | 4.3 | 0.00 | Feb 18, 2026 | The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.6.1. This is due to insufficient validation of the `endpoint` parameter in the `get_items()` function of the GetResponse REST API… | ||
| CVE-2025-24753 | Med | 0.28 | 4.3 | 0.00 | Jan 24, 2025 | Missing Authorization vulnerability in StellarWP Gutenberg Blocks by Kadence Blocks kadence-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through <= 3.3.1. | ||
| CVE-2024-3189 | Med | 0.28 | 5.4 | 0.00 | May 15, 2024 | The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advanced Gallery' blocks in all versions up… | ||
| CVE-2023-47186 | Med | 0.28 | 4.3 | 0.00 | Nov 6, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in Kadence WP Kadence WooCommerce Email Designer plugin <= 1.5.11 versions. | ||
| CVE-2025-5678 | 0.00 | — | 0.00 | Jul 9, 2025 | The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘redirectURL’ parameter in all versions up to, and including, 3.5.10 due to insufficient input sanitization and output escaping.… | |||
| CVE-2024-12304 | 0.00 | — | 0.00 | Jan 11, 2025 | The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via button block link in all versions up to, and including, 3.4.2 due to insufficient input sanitization and output escaping. This makes it… | |||
| CVE-2024-12581 | 0.00 | — | 0.00 | Dec 13, 2024 | The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.53 due to insufficient input sanitization and output escaping. This makes it… | |||
| CVE-2024-10637 | 0.00 | — | 0.00 | Dec 12, 2024 | The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.54 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored… | |||
| CVE-2024-10785 | 0.00 | — | 0.00 | Nov 21, 2024 | The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Countdown' widget in all versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it… | |||
| CVE-2024-9655 | 0.00 | — | 0.00 | Nov 1, 2024 | The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon widget in all versions up to, and including, 6.6.2 due to insufficient input sanitization and output escaping on user… | |||
| CVE-2024-6884 | 0.00 | — | 0.00 | Aug 8, 2024 | The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.39 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored… | |||
| CVE-2024-4057 | 0.00 | — | 0.00 | Jun 4, 2024 | The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.37 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored… | |||
| CVE-2022-3335 | 0.00 | — | 0.01 | Oct 25, 2022 | The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. |
- risk 0.59cvss 9.1epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in StellarWP Kadence WooCommerce Email Designer kadence-woocommerce-email-designer allows Upload a Web Shell to a Web Server.This issue affects Kadence WooCommerce Email Designer: from n/a through <= 1.5.14.
- risk 0.55cvss 8.5epss 0.00
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.26 via the 'kadence_import_get_new_connection_data' AJAX action. This makes it possible for authenticated…
- risk 0.50cvss 7.7epss 0.01
Server-Side Request Forgery (SSRF) vulnerability in StellarWP Gutenberg Blocks by Kadence Blocks kadence-blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through <= 3.2.19.
- risk 0.47cvss 7.2epss 0.00
Incorrect Privilege Assignment vulnerability in StellarWP Kadence WooCommerce Email Designer kadence-woocommerce-email-designer allows Privilege Escalation.This issue affects Kadence WooCommerce Email Designer: from n/a through <= 1.5.16.
- risk 0.42cvss 6.4epss 0.00
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget parameters in all versions up to, and including, 3.2.42 due to insufficient input sanitization and output escaping.…
- risk 0.42cvss 6.4epss 0.00
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the typer effect in the advanced heading widget in all versions up to, and including, 3.2.37 due to insufficient input sanitization and…
- risk 0.42cvss 6.4epss 0.00
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 3.2.34 due to insufficient input sanitization and output escaping. This makes it…
- risk 0.42cvss 6.4epss 0.01
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Widget's anchor style parameter in all versions up to, and including, 3.2.25 due to insufficient input sanitization and output…
- risk 0.42cvss 6.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in StellarWP Gutenberg Blocks by Kadence Blocks kadence-blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through <= 3.2.25.
- risk 0.42cvss 6.4epss 0.01
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the htmlTag attribute in all versions up to, and including, 3.2.23 due to insufficient input sanitization and output escaping. This makes it…
- risk 0.40cvss 7.2epss 0.00
The Kadence WooCommerce Email Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer name in all versions up to, and including, 1.5.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated…
- risk 0.35cvss 6.4epss 0.00
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 3.2.45 due to insufficient input sanitization and output escaping on…
- risk 0.35cvss 6.4epss 0.00
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This…
- risk 0.35cvss 6.4epss 0.00
The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the plugin's blocks in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied…
- risk 0.35cvss 6.4epss 0.00
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown timer in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied…
- risk 0.35cvss 6.4epss 0.00
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CountUp Widget in all versions up to, and including, 3.2.31 due to insufficient input sanitization and output escaping on user supplied…
- risk 0.29cvss 4.4epss 0.01
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form message settings in all versions up to and including 3.2.17 due to insufficient input sanitization and output escaping. This…
- risk 0.28cvss 4.3epss 0.00
The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the `process_image_data_ajax_callback()` function which handles the…
- risk 0.28cvss 4.3epss 0.00
The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.6.1. This is due to insufficient validation of the `endpoint` parameter in the `get_items()` function of the GetResponse REST API…
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in StellarWP Gutenberg Blocks by Kadence Blocks kadence-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through <= 3.3.1.
- risk 0.28cvss 5.4epss 0.00
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advanced Gallery' blocks in all versions up…
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Kadence WP Kadence WooCommerce Email Designer plugin <= 1.5.11 versions.
- CVE-2025-5678Jul 9, 2025risk 0.00cvss —epss 0.00
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘redirectURL’ parameter in all versions up to, and including, 3.5.10 due to insufficient input sanitization and output escaping.…
- CVE-2024-12304Jan 11, 2025risk 0.00cvss —epss 0.00
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via button block link in all versions up to, and including, 3.4.2 due to insufficient input sanitization and output escaping. This makes it…
- CVE-2024-12581Dec 13, 2024risk 0.00cvss —epss 0.00
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.53 due to insufficient input sanitization and output escaping. This makes it…
- CVE-2024-10637Dec 12, 2024risk 0.00cvss —epss 0.00
The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.54 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored…
- CVE-2024-10785Nov 21, 2024risk 0.00cvss —epss 0.00
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Countdown' widget in all versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it…
- CVE-2024-9655Nov 1, 2024risk 0.00cvss —epss 0.00
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon widget in all versions up to, and including, 6.6.2 due to insufficient input sanitization and output escaping on user…
- CVE-2024-6884Aug 8, 2024risk 0.00cvss —epss 0.00
The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.39 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored…
- CVE-2024-4057Jun 4, 2024risk 0.00cvss —epss 0.00
The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.37 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored…
- CVE-2022-3335Oct 25, 2022risk 0.00cvss —epss 0.01
The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.