CVE Catalog

CVE-2026-12902

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

19th percentile — higher than 19% of all known CVEs

Summary

The Kadence Blocks plugin for WordPress up to version 3.7.7 fails to properly verify user authorization, allowing authenticated attackers with contributor-level access or higher to create arbitrary Media Library attachments. Attackers can remotely download images to the uploads directory, bypassing the upload_files capability boundary.

Risk Assessment

The organization is at risk of unauthorized file uploads, which could lead to disk space exhaustion, injection of malicious files, or the server being used to host illegal content.

Recommendation

Immediately update the Kadence Blocks plugin to the latest available version that includes a fix for the authorization bypass vulnerability.

Original NVD description (English source)

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with contributor-level access and above, to create arbitrary Media Library attachments by downloading remote images to the site's uploads directory via wp_upload_bits() and wp_insert_attachment(), bypassing the upload_files capability boundary.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS