CVE-2026-2826 in Kadence Blocks Plugininfo

Zusammenfassung (Englisch)

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user has the `upload_files` capability in the `process_pattern` REST API endpoint. This makes it possible for authenticated attackers, with contributor level access and above, to upload images to the WordPress Media Library by supplying remote image URLs that the server downloads and creates as media attachments.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Zuständig

Wordfence

Reservieren

19.02.2026

Veröffentlichung

04.04.2026

Status

Bestätigt

Einträge

VulDB provides additional information and datapoints for this CVE:

ID	Schwachstelle	CWE	Aus	Mas	CVE
355307	stellarwp Kadence Blocks Plugin REST API process_pattern upload_files erweiterte Rechte	862	Nicht definiert	Offizieller Fix	CVE-2026-2826

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

Quellen

◂ ZurückÜbersichtWeiter ▸

Do you need the next level of professionalism?

Upgrade your account now!