CVE-2026-2633 in Gutenberg Blocks with AI by Kadence WP Plugininfo

Zusammenfassung

von MITRE • 18.02.2026

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the `process_image_data_ajax_callback()` function which handles the `kadence_import_process_image_data` AJAX action. The function's authorization check via `verify_ajax_call()` only validates `edit_posts` capability but fails to check for the `upload_files` capability. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary images from remote URLs to the WordPress Media Library, bypassing the standard WordPress capability restriction that prevents Contributors from uploading files.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Veröffentlichung

18.02.2026

Moderieren

akzeptiert

Eintrag

VDB-346384

CPE

bereit

CWE

CWE-862 (bestätigt)

CVSS

4.3 (CNA)

EPSS

0.00013

KEV

nein

Aktivitäten

very low

Sektor

Hostingprovider

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-2633
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-2633
CVE Details	https://www.cvedetails.com/cve/CVE-2026-2633/

◂ Zurück Übersicht Weiter ▸

Do you need the next level of professionalism?

Upgrade your account now!