Gutenberg Blocks by Kadence Blocks – Page Builder Features, 7f8da6aa3ebf8eda56368739e88291da673770c1

CVE, Research URL: 7f8da6aa3ebf8eda56368739e88291da673770c1
Home page URL: Security reports for Gutenberg Blocks by Kadence Blocks – Page Builder Features
Application: Gutenberg Blocks by Kadence Blocks – Page Builder Features
Published on: Aug 09, 2023
Research Description: Gutenberg Blocks with AI by Kadence WP – Page Builder Features [kadence-blocks] < 3.1.11 Kadence Blocks <= 3.1.10 - Unauthenticated Arbitrary File Upload The Kadence Blocks for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the process_fields function in versions up to, and including, 3.1.10. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions: Min -, max 3.1.11.
Status: vulnerable