Gutenberg Blocks by Kadence Blocks

StellarWP

Developer

3.6.6

Latest version

600,000

Installations

No date

Last updated

WordPress Plugin

Active VDP

Report vulnerability

Vulnerabilities

Security Policy

Security Contributors

Vulnerability history

0 present

30 patched

2 Mitigation rules

Authenticated (Contributor+) Server-Side Request Forgery via 'endpoint' Parameter vulnerability
<= 3.6.1
17/02/2026
Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload vulnerability
<= 3.6.1
17/02/2026
Incorrect Authorization to Authenticated (Contributor+) Post Publication vulnerability
<= 3.5.32
11/02/2026
Authenticated (Contributor+) Stored Cross-Site Scripting via Typer Effect vulnerability
<= 3.2.37
02/02/2026
Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer vulnerability
<= 3.2.36
02/02/2026
Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
<= 3.2.53
30/01/2026
Authenticated (Contributor+) Stored Cross-Site Scripting via `redirectURL` Parameter vulnerability
<= 3.5.10
08/07/2025
Authenticated (Contributor+) Stored Cross-Site Scripting via 'icon' vulnerability
<= 3.4.9
28/02/2025
Broken Access Control vulnerability
<= 3.3.1
24/01/2025
Authenticated (contributor+) Stored Cross-Site Scripting via Button Link vulnerability
<= 3.4.2
10/01/2025
Admin+ Stored XSS vulnerability
< 3.2.54
12/12/2024
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 3.3.3
21/11/2024
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 3.3.1
31/10/2024
Contributor+ Stored XSS via "Days Label" vulnerability
< 3.2.39
08/08/2024
Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes vulnerability
<= 3.2.45
01/07/2024
Contributor+ Stored Cross-Site Scripting in Google Maps Widget vulnerability
<= 3.2.42
26/06/2024
Authenticated (Contributor+) Stored Cross-Site Scripting via titleFont Parameter vulnerability
<= 3.2.38
14/06/2024
Contributor+ Stored XSS vulnerability
< 3.2.37
15/05/2024
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 3.2.37
15/05/2024
Authenticated (Contributor+) Stored Cross-Site Scripting via Block Link vulnerability
<= 3.2.36
10/05/2024
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 3.2.34
01/05/2024
Authenticated Server-Side Request Forgery (SSRF) vulnerability
<= 3.1.26
11/04/2024
Contributor+ Stored XSS vulnerability
< 3.2.26
05/04/2024
Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Countdown and CountUp Widget vulnerability
<= 3.2.31
04/04/2024
Authenticated(Editor+) Stored Cross-Site Scripting via Contact Form Message Settings vulnerability
<= 3.2.17
03/04/2024
Server Side Request Forgery (SSRF) vulnerability
<= 3.2.25
29/03/2024
Server Side Request Forgery (SSRF) vulnerability
<= 3.2.19
26/03/2024
Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial Widget vulnerability
<= 3.2.25
22/03/2024
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 3.2.23
14/03/2024
Unauthenticated Arbitrary File Upload vulnerability
<= 3.1.10
09/08/2023