cleantalk
Vulnerabilities and Security Researches

Gutenberg Blocks by Kadence Blocks – Page Builder Features, CVE-2024-10637

CVE, Research URL

CVE-2024-10637

Home page URL

Security reports for Gutenberg Blocks by Kadence Blocks – Page Builder Features

Application

Gutenberg Blocks by Kadence Blocks – Page Builder Features

Published on
Dec 12, 2024
Research Description
The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.54 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Affected versions
Min -, max 3.2.54.
Status
vulnerable
Previous vulnerability researches
Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2025-1291) , Mar 05, 2025
Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2024-5819) , Jul 01, 2024
Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2024-12581) , Dec 15, 2024
Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2024-10785) , Nov 21, 2024
Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2025-24753) , Jan 26, 2025
New vulnerability
isMobile() Shortcode for WordPress (CVE-2025-6488) , Jul 03, 2025
All-in-One Addons for Elementor – WidgetKit (CVE-2025-2330) , Jul 03, 2025
My Wp Brand – Hide menu & Hide Plugin (CVE-2025-53269) , Jul 03, 2025
MobiLoud – WordPress Mobile Apps – Convert your WordPress Website to Native Mobile Apps (CVE-2025-52813) , Jul 03, 2025
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2025-6463) , Jul 03, 2025