cleantalk
Vulnerabilities and Security Researches

Gutenberg Blocks by Kadence Blocks – Page Builder Features, CVE-2024-2509

CVE, Research URL

CVE-2024-2509

Home page URL

Security reports for Gutenberg Blocks by Kadence Blocks – Page Builder Features

Application

Gutenberg Blocks by Kadence Blocks – Page Builder Features

Published on
Apr 05, 2024
Research Description
The Gutenberg Blocks by Kadence Blocks WordPress plugin before 3.2.26 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Affected versions
Min -, max 3.2.26.
Status
vulnerable
Previous vulnerability researches
Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2025-1291) , Mar 05, 2025
Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2024-5819) , Jul 01, 2024
Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2024-12581) , Dec 15, 2024
Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2024-10785) , Nov 21, 2024
Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2025-24753) , Jan 26, 2025
New vulnerability
All-in-One Addons for Elementor – WidgetKit (CVE-2025-2330) , Jul 03, 2025
My Wp Brand – Hide menu & Hide Plugin (CVE-2025-53269) , Jul 03, 2025
MobiLoud – WordPress Mobile Apps – Convert your WordPress Website to Native Mobile Apps (CVE-2025-52813) , Jul 03, 2025
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2025-6463) , Jul 03, 2025
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2025-6464) , Jul 03, 2025