CVE-2026-2633

{"id": "CVE-2026-2633", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-2633", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-18T14:19:51.901936Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "affected": [{"source": "security@wordfence.com", "affectedData": [{"vendor": "stellarwp", "product": "Kadence Blocks \u2014 Page Builder Toolkit for Gutenberg Editor", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.6.1"}], "defaultStatus": "unaffected"}]}], "published": "2026-02-18T07:16:10.807", "references": [{"url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.5.32/includes/class-kadence-blocks-prebuilt-library.php#L1177", "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.5.32/includes/class-kadence-blocks-prebuilt-library.php#L789", "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3454881%40kadence-blocks%2Ftrunk&old=3453204%40kadence-blocks%2Ftrunk&sfp_email=&sfph_mail=", "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9c06e0a9-a13a-4cee-a1a5-c43c114b2dbf?source=cve", "source": "security@wordfence.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the `process_image_data_ajax_callback()` function which handles the `kadence_import_process_image_data` AJAX action. The function's authorization check via `verify_ajax_call()` only validates `edit_posts` capability but fails to check for the `upload_files` capability. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary images from remote URLs to the WordPress Media Library, bypassing the standard WordPress capability restriction that prevents Contributors from uploading files."}, {"lang": "es", "value": "El plugin Gutenberg Blocks with AI by Kadence WP para WordPress es vulnerable a una autorizaci\u00f3n faltante en todas las versiones hasta la 3.6.1, inclusive. Esto se debe a una verificaci\u00f3n de capacidad faltante en la funci\u00f3n `process_image_data_ajax_callback()` que maneja la acci\u00f3n AJAX `kadence_import_process_image_data`. La verificaci\u00f3n de autorizaci\u00f3n de la funci\u00f3n a trav\u00e9s de `verify_ajax_call()` solo valida la capacidad `edit_posts` pero no verifica la capacidad `upload_files`. Esto hace posible que atacantes autenticados, con acceso de nivel Colaborador y superior, carguen im\u00e1genes arbitrarias desde URLs remotas a la biblioteca de medios de WordPress, eludiendo la restricci\u00f3n de capacidad est\u00e1ndar de WordPress que impide a los Colaboradores cargar archivos."}], "lastModified": "2026-06-17T10:31:26.180", "sourceIdentifier": "security@wordfence.com"}