CVE-2026-2826 | stellarwp Kadence Blocks Plugin up to 3.6.3 on WordPress REST API Endpoint process_pattern upload_files authorization

Inserito da Angelo Barbosa | Apr 4, 2026 | CVE

A vulnerability classified as critical was found in stellarwp Kadence Blocks Plugin up to 3.6.3 on WordPress. The affected element is the function upload_files of the file process_pattern of the component REST API Endpoint. Executing a manipulation can lead to missing authorization.

This vulnerability is handled as CVE-2026-2826. The attack can be executed remotely. There is not any exploit available.

Upgrading the affected component is advised.

CVE-2026-2826 | stellarwp Kadence Blocks Plugin up to 3.6.3 on WordPress REST API Endpoint process_pattern upload_files authorization

Post correlati

CVE-2025-8587 | AKCE SKSPro up to 07012026 sql injection

CVE-2024-24329 | Totolink A3300R 17.0.0cu.557_B20221024 setPortForwardRules enable command injection

CVE-2026-3106 | Teampass up to 3.1.5.15 Login Form redacted/index.php Username cross site scripting

CVE-2023-31352 | AMD EPYC 9004 Processors/EPYC Embedded 9004 SEV Firmware memory corruption