Home

Description

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the `process_image_data_ajax_callback()` function which handles the `kadence_import_process_image_data` AJAX action. The function's authorization check via `verify_ajax_call()` only validates `edit_posts` capability but fails to check for the `upload_files` capability. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary images from remote URLs to the WordPress Media Library, bypassing the standard WordPress capability restriction that prevents Contributors from uploading files.

PUBLISHED Reserved 2026-02-17 | Published 2026-02-18 | Updated 2026-02-18 | Assigner Wordfence




MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Problem types

CWE-862 Missing Authorization

Product status

Default status
unaffected

* (semver)
affected

Timeline

2026-02-03:Vendor Notified
2026-02-17:Disclosed

Credits

Ali Sünbül finder

References

www.wordfence.com/...-a13a-4cee-a1a5-c43c114b2dbf?source=cve

plugins.trac.wordpress.org/...ce-blocks-prebuilt-library.php

plugins.trac.wordpress.org/...ce-blocks-prebuilt-library.php

plugins.trac.wordpress.org/...%2Ftrunk&sfp_email=&sfph_mail=

cve.org (CVE-2026-2633)

nvd.nist.gov (CVE-2026-2633)

Download JSON