Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.3
Kadence Blocks plugin allows unauthorized access with Contributor-level access
CVE-2026-2608
Summary
The Kadence Blocks plugin for WordPress is missing a security check, allowing users with Contributor-level access and above to perform actions they shouldn't. This could be exploited by attackers to gain unauthorized access to your website. Update to the latest version of the plugin to fix this issue.
Original title
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and i...
Original description
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.32. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unauthorized action.
nvd CVSS3.1
4.3
Vulnerability type
CWE-862
Missing Authorization
Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026