WordPress Plugin Vulnerabilities

Gutenberg Blocks with AI by Kadence WP < 3.6.2 - Contributor+ SSRF

Description

The plugin is vulnerable to Server-Side Request Forgery due to insufficient validation of the `endpoint` parameter in the `get_items()` function of the GetResponse REST API handler. The endpoint's permission check only requires `edit_posts` capability (Contributor role) rather than `manage_options` (Administrator). This makes it possible for authenticated attackers, with Contributor-level access and above, to make server-side requests to arbitrary endpoints on the configured GetResponse API server, retrieving sensitive data such as contacts, campaigns, and mailing lists using the site's stored API credentials. The stored API key is also leaked in the request headers.

Affects Plugins

Plugin icon
kadence-blocks
Fixed in 3.6.2

References

CVE
CVE-2026-1857
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/2ea8d38a-f5ce-40dd-a015-f56d60579e05

Classification

Type
SSRF
OWASP top 10
A1: Injection
CWE
CWE-918
CVSS
2.7 (low)

Miscellaneous

Original Researcher
Ali Sünbül
Verified
No
WPVDB ID
ba15fe40-d4da-4dce-aca6-9ddb84e86833

Timeline

Publicly Published
2026-02-17 (about 2 months ago)
Added
2026-02-17 (about 2 months ago)
Last Updated
2026-02-17 (about 2 months ago)

Other

Published
Title
Published
2024-08-29
Title
Justified Image Grid < 4.7 - Unauthenticated Server-Side Request Forgery
Published
2026-01-27
Title
AI Engine < 3.3.3 - Authenticated (Subscriber+) Server-Side Request Forgery
Published
2018-01-20
Title
Google Forms <= 0.91 - Unauthenticated Server-Side Request Forgery (SSRF)
Published
2025-04-24
Title
BeerXML Shortcode < 0.8 - Authenticated (Contributor+) Server-Side Request Forgery
Published
2023-08-29
Title
PowerPress Podcasting < 11.0.7 - Contributor+ SSRF