WordPress Plugin Vulnerabilities

Kadence Blocks < 3.6.4 - Contributor+ Media Upload

Description

The plugin is vulnerable to authorization bypass due to the plugin not properly verifying that a user has the `upload_files` capability in the `process_pattern` REST API endpoint. This makes it possible for authenticated attackers, with contributor level access and above, to upload images to the WordPress Media Library by supplying remote image URLs that the server downloads and creates as media attachments.

Affects Plugins

Plugin icon
kadence-blocks
Fixed in 3.6.4

References

CVE
CVE-2026-2826
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/5f91df7e-5d9d-4a3a-9afc-d771106a0be6

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
2.7 (low)

Miscellaneous

Original Researcher
lucsob
Verified
No
WPVDB ID
45166ad4-c4b9-4090-a753-98ea9d293080

Timeline

Publicly Published
2026-04-03 (about 1 month ago)
Added
2026-04-06 (about 1 month ago)
Last Updated
2026-04-06 (about 1 month ago)

Other

Published
Title
Published
2024-04-25
Title
SSU < 1.5.1 - Missing Authorization
Published
2025-01-16
Title
Mark Posts < 2.2.5 - Missing Authorization
Published
2025-10-03
Title
Integrate Dynamics 365 CRM < 1.1.0 - Missing Authorization
Published
2026-01-27
Title
HAPPY < 1.0.9 - Missing Authorization
Published
2024-12-11
Title
PostBox < 1.0.5 - Missing Authorization to Authenticated (Subscriber+) Log Export