Attack Vectors
The WordPress plugin Gutenberg Blocks with AI by Kadence WP – Page Builder Features (also known as Kadence Blocks — Page Builder Toolkit for Gutenberg Editor, slug: kadence-blocks) has a Medium severity vulnerability (CVSS 4.3, CVE referenced in the vendor advisory) that can be exploited by someone who already has a login with Contributor-level access or higher.
In practical terms, an attacker with a low-privileged account can use the plugin’s REST API functionality to create and immediately publish content without going through the normal WordPress approval process. This can occur without requiring a victim to click anything, which increases the likelihood of misuse in real-world scenarios such as compromised contributor accounts, insider threats, or overly broad access granted to contractors and partners.
Security Weakness
The issue stems from an incorrect authorization check in the plugin’s REST API endpoint that processes patterns. Specifically, a misconfigured capability check in the permission callback allows authenticated users (Contributor+) to perform actions that should be restricted to roles with publishing rights.
Affected versions are all versions up to and including 3.5.32. The vendor guidance is to update to 3.6.0 or newer to address the misconfiguration and restore expected WordPress workflow controls.
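To make the weakness concrete, the following is an added illustration (not the plugin's own code) of a REST route that publishes a pattern, registered once with a permission callback that checks the wrong capability and once with the corrected check; the namespace, route paths and function names are hypothetical.

```php
<?php
// Illustrative example, not taken from kadence-blocks. Shows why the capability
// named in permission_callback must match what the handler actually does.

add_action( 'rest_api_init', function () {
    // WEAK: every Contributor holds 'edit_posts', so this callback admits them
    // even though the handler below publishes directly.
    register_rest_route( 'example/v1', '/pattern/weak', array(
        'methods'             => 'POST',
        'callback'            => 'example_publish_pattern',
        'permission_callback' => function () {
            return current_user_can( 'edit_posts' );
        },
    ) );

    // HARDENED: publishing requires 'publish_posts', which Contributors lack.
    // Returning WP_Error (not false) gives the caller a proper 401/403.
    register_rest_route( 'example/v1', '/pattern/hardened', array(
        'methods'             => 'POST',
        'callback'            => 'example_publish_pattern',
        'permission_callback' => function () {
            if ( ! current_user_can( 'publish_posts' ) ) {
                return new WP_Error(
                    'rest_forbidden',
                    __( 'You are not allowed to publish content.' ),
                    array( 'status' => rest_authorization_required_code() )
                );
            }
            return true;
        },
        'args' => array(
            'title'   => array( 'type' => 'string', 'required' => true,
                                'sanitize_callback' => 'sanitize_text_field' ),
            'content' => array( 'type' => 'string', 'required' => true ),
        ),
    ) );
} );

// Shared handler. wp_insert_post() performs no capability check of its own, so
// permission_callback is the only gate between the caller and a live post.
// As defence in depth, callers without 'publish_posts' are downgraded to the
// normal 'pending' review state instead of 'publish'.
function example_publish_pattern( WP_REST_Request $request ) {
    $status  = current_user_can( 'publish_posts' ) ? 'publish' : 'pending';
    $post_id = wp_insert_post( array(
        'post_title'   => $request->get_param( 'title' ),
        'post_content' => $request->get_param( 'content' ), // kses applied by core for users without unfiltered_html
        'post_status'  => $status,
        'post_type'    => 'post',
    ), true );
    if ( is_wp_error( $post_id ) ) {
        return $post_id;
    }
    return rest_ensure_response( array( 'id' => $post_id, 'status' => get_post_status( $post_id ) ) );
}
```

When reviewing a plugin's REST routes, compare the capability tested in each permission_callback against the side effect of its handler; a mismatch of this kind is the misconfiguration the advisory describes.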
Technical or Business Impacts
Brand and reputational risk: Unauthorized publishing can lead to embarrassing or harmful content appearing on high-visibility pages, landing pages, or campaign assets—especially damaging for marketing teams running time-sensitive initiatives.
Compliance and governance risk: If your organization relies on editorial review, legal approval, or compliance sign-off, this vulnerability can undermine those controls by allowing content to go live without review. This can create audit findings and policy violations, particularly in regulated industries.
Business disruption and fraud risk: Attackers could publish misleading announcements, redirect traffic, or add content designed to capture leads or payments. Even if the change is quickly reversed, the impact can include customer confusion, support burden, and lost revenue.
Operational impact for security and IT: Because exploitation requires only an authenticated Contributor+ account, the incident response scope may include investigating account compromise, tightening role assignments, reviewing recent publishing activity, and validating that no unauthorized pages or posts were created.
Similar Attacks
Unauthorized content publication and workflow bypass issues are commonly abused when attackers gain low-level WordPress access. Examples of broadly similar real-world WordPress plugin vulnerabilities include:
Wordfence: Zero-Day Vulnerability in Yuzo Related Posts (used to inject unwanted content)