cleantalk
Vulnerabilities and Security Researches

Gutenberg Blocks by Kadence Blocks – Page Builder Features, CVE-2024-1541

CVE, Research URL

CVE-2024-1541

Home page URL

Security reports for Gutenberg Blocks by Kadence Blocks – Page Builder Features

Application

Gutenberg Blocks by Kadence Blocks – Page Builder Features

Published on
Mar 13, 2024
Research Description
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the htmlTag attribute in all versions up to, and including, 3.2.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 3.2.24.
Status
vulnerable
Previous vulnerability researches
Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2025-1291) , Mar 05, 2025
Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2024-5819) , Jul 01, 2024
Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2024-12581) , Dec 15, 2024
Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2024-10785) , Nov 21, 2024
Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2025-24753) , Jan 26, 2025
New vulnerability
isMobile() Shortcode for WordPress (CVE-2025-6488) , Jul 03, 2025
All-in-One Addons for Elementor – WidgetKit (CVE-2025-2330) , Jul 03, 2025
My Wp Brand – Hide menu & Hide Plugin (CVE-2025-53269) , Jul 03, 2025
MobiLoud – WordPress Mobile Apps – Convert your WordPress Website to Native Mobile Apps (CVE-2025-52813) , Jul 03, 2025
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2025-6463) , Jul 03, 2025