cleantalk
Vulnerabilities and Security Researches

Gutenberg Blocks by Kadence Blocks – Page Builder Features, CVE-2024-9655

CVE, Research URL

CVE-2024-9655

Home page URL

Security reports for Gutenberg Blocks by Kadence Blocks – Page Builder Features

Application

Gutenberg Blocks by Kadence Blocks – Page Builder Features

Published on
Nov 01, 2024
Research Description
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon widget in all versions up to, and including, 6.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 3.3.2.
Status
vulnerable
Previous vulnerability researches
Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2025-1291) , Mar 05, 2025
Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2024-5819) , Jul 01, 2024
Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2024-12581) , Dec 15, 2024
Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2024-10785) , Nov 21, 2024
Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2025-24753) , Jan 26, 2025
New vulnerability
All-in-One Addons for Elementor – WidgetKit (CVE-2025-2330) , Jul 03, 2025
My Wp Brand – Hide menu & Hide Plugin (CVE-2025-53269) , Jul 03, 2025
MobiLoud – WordPress Mobile Apps – Convert your WordPress Website to Native Mobile Apps (CVE-2025-52813) , Jul 03, 2025
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2025-6463) , Jul 03, 2025
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2025-6464) , Jul 03, 2025