CVE-2026-2826 | stellarwp Kadence Blocks Plugin up to 3.6.3 on WordPress REST API Endpoint process_pattern upload_files authorization

Inserito da Angelo Barbosa | Apr 4, 2026 | CVE

A vulnerability classified as critical was found in stellarwp Kadence Blocks Plugin up to 3.6.3 on WordPress. The affected element is the function upload_files of the file process_pattern of the component REST API Endpoint. Executing a manipulation can lead to missing authorization.

This vulnerability is handled as CVE-2026-2826. The attack can be executed remotely. There is not any exploit available.

Upgrading the affected component is advised.

CVE-2026-2826 | stellarwp Kadence Blocks Plugin up to 3.6.3 on WordPress REST API Endpoint process_pattern upload_files authorization

Post correlati

CVE-2024-29057 | Microsoft Edge prior 123.0.2420.53 unknown vulnerability

CVE-2025-29228 | Linksys E5600 1.1.0.26 runtime.macClone mc.ip command injection

CVE-2024-24901 | Dell PowerScale OneFS up to 9.2.1.24/9.4.0.16/9.5.0.6/9.6.1.0 insufficient logging (dsa-2024-062)

CVE-2025-4218 | handrew browserpilot up to 0.2.51 gpt_selenium_agent.py GPTSeleniumAgent instructions code injection (Issue 20)