CVE-2026-2633
Missing Authorization in Kadence WP Plugin Enables Arbitrary Image Upload

Publication date: 2026-02-18

Last updated on: 2026-02-18

Assigner: Wordfence

Description
The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the `process_image_data_ajax_callback()` function which handles the `kadence_import_process_image_data` AJAX action. The function's authorization check via `verify_ajax_call()` only validates `edit_posts` capability but fails to check for the `upload_files` capability. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary images from remote URLs to the WordPress Media Library, bypassing the standard WordPress capability restriction that prevents Contributors from uploading files.
Meta Information
Published: 2026-02-18
Last modified: 2026-02-18
Generated: 2026-05-07
AI Q&A: 2026-02-18
EPSS evaluated: 2026-05-05
Affected Vendors & Products (2 associated CPEs)
Vendor        Product            Version / Range
kadence_wp    gutenberg_blocks   up to and including 3.6.1
kadence_wp    kadence_blocks     3.5.32
CWE
CWE-862: The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability exists in the Gutenberg Blocks with AI by Kadence WP plugin for WordPress, affecting all versions up to and including 3.6.1. It is caused by a missing authorization check in the function `process_image_data_ajax_callback()`, which handles an AJAX action for processing image data.

Specifically, the function only verifies that the user has the `edit_posts` capability but fails to check whether the user has the `upload_files` capability. Because of this, authenticated users with Contributor-level access or higher can upload arbitrary images from remote URLs to the WordPress Media Library, bypassing the usual restrictions that prevent Contributors from uploading files.


How can this vulnerability impact me?

This vulnerability allows authenticated users with Contributor-level access or above to upload arbitrary images from remote URLs to the WordPress Media Library, even though Contributors normally do not have permission to upload files.

The impact is an unauthorized ability to add media content, which could be used to upload malicious images or content that might be leveraged for further attacks or to bypass security policies.

The CVSS score of 4.3 (Medium severity) reflects the limited but significant impact on integrity due to this improper authorization.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves the Gutenberg Blocks with AI by Kadence WP plugin allowing authenticated users with Contributor-level access and above to upload arbitrary images via the AJAX action `kadence_import_process_image_data` due to missing authorization checks.

To detect exploitation attempts on your system or network, you can monitor HTTP requests targeting the AJAX endpoint that handles the `kadence_import_process_image_data` action.

  • Check your web server access logs for POST requests containing the parameter `action=kadence_import_process_image_data`.
  • Use command-line tools like grep to filter logs, for example: `grep 'action=kadence_import_process_image_data' /var/log/apache2/access.log` or the equivalent path for your web server.
  • Monitor WordPress AJAX requests for unusual image upload activity from users with Contributor-level roles.

Since the vulnerability allows uploading images from remote URLs, suspicious network traffic involving outbound connections to unknown image URLs initiated by the WordPress server could also be an indicator.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, immediately update the Gutenberg Blocks with AI by Kadence WP plugin to a version later than 3.6.1 where the missing authorization check has been fixed.

If an update is not immediately available, restrict access to the vulnerable AJAX action by limiting Contributor-level users' ability to trigger the `kadence_import_process_image_data` action.

  • Temporarily disable or remove the plugin until a patched version is released.
  • Implement additional capability checks in the plugin code to ensure the `upload_files` capability is verified before processing image uploads.
  • Monitor logs for suspicious activity and revoke or review permissions for users with Contributor-level access.
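Added example, not code from the Kadence plugin or from this page: a must-use plugin that enforces the missing `upload_files` check on the `kadence_import_process_image_data` action (the interim capability check suggested in the mitigation answer) and writes a log line for every denied call. The log line also gives the detection answer above a reliable source: the `action` parameter of an `admin-ajax.php` POST travels in the request body, so a grep over web server access logs only catches requests that happen to carry it in the query string. The example assumes the plugin registers its handler on the standard `wp_ajax_kadence_import_process_image_data` hook at WordPress's default priority (10), so a priority-0 callback runs before it; the file name and function name are arbitrary choices.

```php
<?php
/**
 * Plugin Name: Interim guard for kadence_import_process_image_data (CVE-2026-2633)
 * Description: Added example, not Kadence code. Requires the upload_files
 *              capability on the vulnerable AJAX action and logs denied calls.
 *
 * Install: copy to wp-content/mu-plugins/ (mu-plugins load without activation).
 * Remove once the plugin has been updated to a version later than 3.6.1.
 */

// Assumption: the plugin's own callback is attached to this hook at the
// default priority 10; priority 0 makes this guard run first.
add_action( 'wp_ajax_kadence_import_process_image_data', 'cve_2026_2633_guard', 0 );

function cve_2026_2633_guard() {
    // Administrator, Editor and Author hold upload_files and are unaffected.
    // Contributor holds edit_posts but not upload_files; that gap is the bug.
    if ( current_user_can( 'upload_files' ) ) {
        return; // fall through to the plugin's own handler
    }

    $user = wp_get_current_user();
    $ip   = isset( $_SERVER['REMOTE_ADDR'] )
        ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) )
        : 'unknown';

    // Detection: one line per blocked attempt in the PHP error log
    // (or the file WP_DEBUG_LOG points to), including who tried and from where.
    error_log( sprintf(
        'CVE-2026-2633 guard: denied kadence_import_process_image_data user=%d roles=%s ip=%s',
        $user->ID,
        implode( ',', (array) $user->roles ),
        $ip
    ) );

    // Mitigation: answer with 403 and stop the request here; wp_send_json_error()
    // calls wp_die(), so the plugin's callback never runs for this user.
    wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
}
```

Denied attempts can then be reviewed with the same grep approach as before, but against the PHP error log (for example `grep 'CVE-2026-2633 guard' /path/to/debug.log`), and the user ID in each line points directly at the account whose permissions should be reviewed. Users who legitimately hold `upload_files` never reach the deny branch, so normal editorial work is not affected.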
