Kadence blocks — page builder toolkit for gutenberg editor
This hub aggregates every CVE we track for Kadence blocks — page builder toolkit for gutenberg editor, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
24
CVEs tracked
0
Critical
1
High
0
In CISA KEV
Severity distribution
MEDIUM23HIGH1
Monthly trend
0
0
0
0
2
1
1
0
1
0
0
0
1
0
0
0
0
0
0
3
0
1
0
1
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Kadence blocks — page builder toolkit for gutenberg editor.
- CVE-2026-11357Kadence Blocks <= 3.7.5 - Authenticated (Contributor+) Sensitive Information Exposure via Block Editor proData Localization4.3
- CVE-2026-2826Kadence Blocks — Page Builder Toolkit for Gutenberg Editor <= 3.6.3 - Missing Authorization to Authenticated (Contributor+) Media Upload4.3
- CVE-2026-2633Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload4.3
- CVE-2026-1857Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'endpoint' Parameter4.3
- CVE-2026-2608Gutenberg Blocks by Kadence Blocks <= 3.5.32 - Missing Authorization4.3
- CVE-2025-5678Kadence Blocks – Gutenberg Blocks for Page Builder Features <= 3.5.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via `redirectURL` Parameter6.4
- CVE-2025-1291Gutenberg Blocks by Kadence Blocks <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'icon'6.4
- CVE-2024-12304Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.4.2 - Authenticated (contributor+) Stored Cross-Site Scripting via Button Link6.4
- CVE-2024-12581Kadence Blocks <= 3.2.53 - Authenticated (Admin+) Stored Cross-Site Scripting4.4
- CVE-2024-10785Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting6.4
- CVE-2024-9655Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Widget6.4
- CVE-2024-5819Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.2.45 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes6.4
- CVE-2024-5289Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.2.42 - Authenticated (Contributor+) Stored Cross-Site Scripting in Google Maps Widget6.4
- CVE-2024-4863Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via titleFont Parameter6.4
- CVE-2024-4208Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typer Effect6.4
Product normalization is registry-driven with AI assist and human review. How it works