🦸 💥 Calling all superheroes and hunters! Introducing the End of Year Holiday Extravaganza and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program

Through December 9th, 2024, all in-scope vulnerability types for WordPress plugins/themes with >= 1,000 Active Installations are in-scope for ALL researchers, all plugins and themes that are hosted in the WordPress.org repository with at least 50 active installs that have been updated in the last 2 years will be in-scope for ALL researchers, the minimum bounty awarded for all in-scope submissions will be $5, and ALL researchers earn automatic bonuses of 5%-180% for valid submissions in software with 1,000 - 4,999,999 active installs, pending report limits are increased for all, and it's possible to earn up to $31,200 for high impact vulnerabilities!

Review what's in scope for your tier and updated bounties with bonuses here!

Gutenberg Blocks with AI by Kadence WP – Page Builder Features

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Gutenberg Blocks with AI by Kadence WP – Page Builder Features

Information

Software Type	Plugin
Software Slug	kadence-blocks (view on wordpress.org)
Software Status	Active
Software Author	britner
Software Website	www.kadencewp.com
Software Downloads	23,635,768
Software Active Installs	400,000
Software Record Last Updated	November 21, 2024

Showing 1-20 of 21 Vulnerabilities

Submit a Vulnerability

Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-10785

Nov 20, 2024

Researcher: zer0gh0st

Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Widget

6.4

CVE-2024-9655

Oct 31, 2024

Researcher: Webbernaut

Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown

6.4

CVE-2024-6884

Jul 18, 2024

Researcher: Dmitrii Ignatyev

Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.2.45 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes

6.4

CVE-2024-5819

Jun 28, 2024

Researcher: Webbernaut

Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.2.42 - Authenticated (Contributor+) Stored Cross-Site Scripting in Google Maps Widget

6.4

CVE-2024-5289

Jun 26, 2024

Researcher: wesley (wcraft)

Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via titleFont Parameter

6.4

CVE-2024-4863

Jun 13, 2024

Researcher: stealthcopter

Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-4057

May 14, 2024

Researcher: Dmitrii Ignatyev

Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting

5.4

CVE-2024-3189

May 14, 2024

Researcher: stealthcopter

Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typer Effect

6.4

CVE-2024-4208

May 14, 2024

Researcher: Webbernaut

Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer

6.4

CVE-2024-4209

May 10, 2024

Researcher: Webbernaut

Gutenberg Blocks with AI by Kadence WP <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Link

6.4

CVE-2024-4481

May 9, 2024

Researcher: Ngô Thiên An (ancorn_)

Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.34 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-2273

May 1, 2024

Researcher: Dau Hoang Tai

Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.1.26 - Authenticated(Contributor+) Server-Side Request Forgery (SSRF)

8.5

CVE-2023-6964

Apr 9, 2024

Researcher: Lucio Sá

Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via CountUp Widget

6.4

CVE-2024-2919

Apr 3, 2024

Researcher: Webbernaut

Gutenberg Blocks by Kadence Blocks <= 3.2.17 - Authenticated(Editor+) Stored Cross-Site Scripting via Contact Form Message Settings

4.4

CVE-2024-0598

Apr 2, 2024

Researcher: Akbar Kustirama

Gutenberg Blocks by Kadence Blocks <= 3.2.25 - Authenticated (Author+) Server-Side Request Forgery

6.4

CVE-2024-24888

Mar 29, 2024

Researcher: Kursat Cetin

Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.2.19 - Authenticated (Contributor+) Server-Side Request Forgery

6.4

CVE-2024-23500

Mar 26, 2024

Researcher: Rafie Muhammad

Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial Widget

6.4

CVE-2024-1999

Mar 21, 2024

Researcher: wesley (wcraft)

Gutenberg Blocks by Kadence Blocks <= 3.2.25 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-2509

Mar 15, 2024

Researcher: Dmitrii Ignatyev

Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.23 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-1541

Mar 1, 2024

Researcher: wesley (wcraft)

Title	Status	CVE ID	CVSS	Researchers	Date
Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	Patched	CVE-2024-10785	6.4	zer0gh0st	November 20, 2024
Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Widget	Patched	CVE-2024-9655	6.4	Webbernaut	October 31, 2024
Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown	Patched	CVE-2024-6884	6.4	Dmitrii Ignatyev	July 18, 2024
Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.2.45 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes	Patched	CVE-2024-5819	6.4	Webbernaut	June 28, 2024
Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.2.42 - Authenticated (Contributor+) Stored Cross-Site Scripting in Google Maps Widget	Patched	CVE-2024-5289	6.4	wesley (wcraft)	June 26, 2024
Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via titleFont Parameter	Patched	CVE-2024-4863	6.4	stealthcopter	June 13, 2024
Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting	Patched	CVE-2024-4057	6.4	Dmitrii Ignatyev	May 14, 2024
Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting	Patched	CVE-2024-3189	5.4	stealthcopter	May 14, 2024
Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typer Effect	Patched	CVE-2024-4208	6.4	Webbernaut	May 14, 2024
Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer	Patched	CVE-2024-4209	6.4	Webbernaut	May 10, 2024
Gutenberg Blocks with AI by Kadence WP <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Link	Patched	CVE-2024-4481	6.4	Ngô Thiên An (ancorn_)	May 9, 2024
Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.34 - Authenticated (Contributor+) Stored Cross-Site Scripting	Patched	CVE-2024-2273	6.4	Dau Hoang Tai	May 1, 2024
Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.1.26 - Authenticated(Contributor+) Server-Side Request Forgery (SSRF)	Patched	CVE-2023-6964	8.5	Lucio Sá	April 9, 2024
Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via CountUp Widget	Patched	CVE-2024-2919	6.4	Webbernaut	April 3, 2024
Gutenberg Blocks by Kadence Blocks <= 3.2.17 - Authenticated(Editor+) Stored Cross-Site Scripting via Contact Form Message Settings	Patched	CVE-2024-0598	4.4	Akbar Kustirama	April 2, 2024
Gutenberg Blocks by Kadence Blocks <= 3.2.25 - Authenticated (Author+) Server-Side Request Forgery	Patched	CVE-2024-24888	6.4	Kursat Cetin	March 29, 2024
Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.2.19 - Authenticated (Contributor+) Server-Side Request Forgery	Patched	CVE-2024-23500	6.4	Rafie Muhammad	March 26, 2024
Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial Widget	Patched	CVE-2024-1999	6.4	wesley (wcraft)	March 21, 2024
Gutenberg Blocks by Kadence Blocks <= 3.2.25 - Authenticated (Contributor+) Stored Cross-Site Scripting	Patched	CVE-2024-2509	6.4	Dmitrii Ignatyev	March 15, 2024
Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.23 - Authenticated (Contributor+) Stored Cross-Site Scripting	Patched	CVE-2024-1541	6.4	wesley (wcraft)	March 1, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation