Vulnerability Description
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.32. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unauthorized action.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset?old_path=/kadence-blocks/tags/3.5.3
- https://vdp.patchstack.com/database/wordpress/plugin/kadence-blocks/vulnerabilit
- https://www.wordfence.com/threat-intel/vulnerabilities/id/05dd1686-76e3-498b-80b
FAQ
What is CVE-2026-2608?
CVE-2026-2608 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and incl...
How severe is CVE-2026-2608?
CVE-2026-2608 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-2608?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.