WordPress Plugin Vulnerabilities

Gutenberg Blocks with AI by Kadence WP < 3.6.2 - Contributor+ Unauthorized Media Upload

Description

The plugin is vulnerable to Missing Authorization due to a missing capability check in the `process_image_data_ajax_callback()` function which handles the `kadence_import_process_image_data` AJAX action. The function's authorization check via `verify_ajax_call()` only validates `edit_posts` capability but fails to check for the `upload_files` capability. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary images from remote URLs to the WordPress Media Library, bypassing the standard WordPress capability restriction that prevents Contributors from uploading files.

Affects Plugins

Plugin icon
kadence-blocks
Fixed in 3.6.2

References

CVE
CVE-2026-2633
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/9c06e0a9-a13a-4cee-a1a5-c43c114b2dbf

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
2.7 (low)

Miscellaneous

Original Researcher
Ali Sünbül
Verified
No
WPVDB ID
f63d4512-9969-4afb-87ba-ebafc0a558c0

Timeline

Publicly Published
2026-02-17 (about 1 month ago)
Added
2026-02-17 (about 1 month ago)
Last Updated
2026-02-17 (about 1 month ago)

Other

Published
Title
Published
2025-07-07
Title
Profiler - What Slowing Down Your WP <= 1.0.0 - Missing Authorization
Published
2024-06-20
Title
Popup box < 4.5.2 - Missing Authorization
Published
2025-01-25
Title
Quiz Maker Business, Developer, and Agency - Unauthenticated Arbitrary Shortcode Execution
Published
2025-03-27
Title
Our Team Members < 2.3 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure
Published
2026-03-30
Title
WooPayments < 10.6.0 - Unauthenticated Plugin Settings Update