CVE-2026-11357
Status: Received - Intake
Sensitive Information Exposure in Kadence Blocks WordPress Plugin

Publication date: 2026-06-18

Last updated on: 2026-06-18

Assigner: Wordfence

Description
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.7.5 via the editor_assets_variables. This makes it possible for authenticated attackers, with contributor-level access and above, to extract the site's connected Kadence account license key, license owner email, api_key, api_email, and license domain from the browser console by inspecting window.kadence_blocks_params.proData. Exploitation requires only that an administrator has previously connected a valid Kadence license; the full credential bundle is then readable by any Contributor-level user from the block editor client context without any server-side request manipulation.
Meta Information
Generated: 2026-06-18
AI Q&A: 2026-06-18
EPSS Evaluated: N/A
Affected Vendors & Products
Associated CPE (1):
Vendor: kadence_blocks
Product: kadence_blocks
Version range: up to and including 3.7.5
CWE
CWE-200: The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Executive Summary

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress has a vulnerability in all versions up to and including 3.7.5 that allows sensitive information exposure.

Authenticated users with contributor-level access or higher can extract sensitive license information such as the connected Kadence account license key, license owner email, api_key, api_email, and license domain by inspecting the browser console.

This is possible because these credentials are exposed in the client-side JavaScript object window.kadence_blocks_params.proData within the block editor context, without requiring any server-side request manipulation.

Exploitation requires that an administrator has previously connected a valid Kadence license.

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive license credentials to users with contributor-level access or higher.

An attacker with these credentials could potentially misuse the license key and associated account information, which might lead to license abuse or unauthorized access to services tied to the license.

Since the exposure happens client-side, it does not require complex server-side attacks, making it easier for insiders or lower-privileged users to exploit.

Detection Guidance

This vulnerability can be detected by verifying whether an authenticated user with contributor-level access or higher can read sensitive Kadence license information from the browser console in the WordPress block editor.

Specifically, inspecting the JavaScript object window.kadence_blocks_params.proData in the browser console while editing a page with the Kadence Blocks plugin active can reveal the exposed license key, license owner email, api_key, api_email, and license domain.

No specific network commands are provided in the available resources; detection instead involves opening the WordPress block editor as a contributor or higher and running the following in the browser console:

  • Open browser developer tools (usually F12 or Ctrl+Shift+I)
  • Navigate to the Console tab
  • Enter: window.kadence_blocks_params.proData

If the object contains license and API credentials, the vulnerability is present.
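The console check above answers the question by eye. The following is an added example, not code from the advisory or from the Kadence Blocks project, that turns the same check into a function a site owner can paste into the editor console or run against a captured copy of the localized params object. Only the property names api_key and api_email come from the advisory; the remaining field names, the shape of window.kadence_blocks_params and the sample objects are constructed assumptions. Values are redacted in the findings so the check itself does not echo credentials.

```javascript
// Added example (not the advisory's or the plugin's own code): report which
// credential-like fields are present in the localized editor params object.

// api_key and api_email are named in the advisory; the other field names the
// plugin uses for the license key, owner email and domain are not given, so
// a name pattern is used as an assumption.
const EXACT_SENSITIVE_KEYS = new Set(['api_key', 'api_email']);
const SENSITIVE_KEY_PATTERN = /key|email|domain|licen[cs]e/i;

// Keep the first and last two characters so a finding can be matched to a
// known credential without printing the credential itself.
function redact(value) {
  if (value.length <= 4) return '*'.repeat(value.length);
  return value.slice(0, 2) + '*'.repeat(value.length - 4) + value.slice(-2);
}

// Returns one finding per non-empty credential-like field under params.proData.
function findExposedCredentials(params) {
  const proData = params && params.proData;
  if (!proData || typeof proData !== 'object') return [];
  const findings = [];
  for (const [name, value] of Object.entries(proData)) {
    // Booleans and flags such as "is_pro" carry no secret; only strings/numbers count.
    if (typeof value !== 'string' && typeof value !== 'number') continue;
    if (String(value) === '') continue;
    if (EXACT_SENSITIVE_KEYS.has(name) || SENSITIVE_KEY_PATTERN.test(name)) {
      findings.push({ field: name, redacted: redact(String(value)) });
    }
  }
  return findings;
}

// True when the params object carries at least one credential-like value,
// i.e. the condition the detection guidance describes.
function isVulnerable(params) {
  return findExposedCredentials(params).length > 0;
}

// Constructed sample objects (assumed shape, not captured from a real site).
const exposedSample = {
  proData: {
    api_key: 'abcd1234efgh5678',
    api_email: 'owner@example.com',
    license_key: 'KB-0000-0000-0000',
    domain: 'example.com',
    is_pro: true,
  },
};
const safeSample = { proData: { is_pro: true } };

// In a browser console this reports on the live object; under Node it is skipped.
if (typeof window !== 'undefined' && window.kadence_blocks_params) {
  console.table(findExposedCredentials(window.kadence_blocks_params));
}
```

On a patched site the function should return an empty array for a contributor's editor session; a non-empty result shows the fields that a server-side capability check around the localized data should have withheld.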

Mitigation Strategies

Immediate mitigation steps include updating the Kadence Blocks plugin to a version later than 3.7.5 where this vulnerability is fixed.

If an update is not immediately available, restrict contributor-level user access or higher until the plugin is patched.

Additionally, consider disconnecting the Kadence license temporarily to prevent exposure of license credentials.

Monitor user roles and permissions carefully to ensure that only trusted users have contributor-level or higher access.

Compliance Impact

This vulnerability allows authenticated users with contributor-level access and above to extract sensitive license-related information, including license keys and associated emails, from the browser console without server-side manipulation.

Exposure of such sensitive information could potentially lead to unauthorized access or misuse of license credentials, which may impact the confidentiality of personal or organizational data.

However, the provided context does not explicitly state the direct impact on compliance with standards like GDPR or HIPAA.
