CVE-2024-9655

Published
CVSS v3: 6.4 (MEDIUM)
CVSS v2: N/A
Affected: 1 project

Description

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon widget in all versions up to, and including, 6.6.2 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
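
The bug class described above, shown as an added illustration (this is not Kadence Blocks source code): a render function that writes saved block attributes into markup unescaped, next to a hardened version. The function names and the title/link attributes are hypothetical; inside WordPress the escaping helpers would be esc_attr() and esc_url().

```php
<?php
// Added illustration only. render_icon_unsafe(), render_icon_safe() and the
// 'title' / 'link' attributes are hypothetical names, not the plugin's code.

// BEFORE: saved attributes are concatenated straight into the markup, so a
// quote character in a value ends the attribute and starts a new one.
function render_icon_unsafe(array $attrs): string {
    return '<a class="icon-link" href="' . $attrs['link'] . '">'
         . '<span class="icon" title="' . $attrs['title'] . '"></span></a>';
}

// Escape a value for use inside a quoted HTML attribute.
// WordPress equivalent: esc_attr().
function esc_attr_value(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only absolute http(s) URLs; anything else (javascript:, data:, ...)
// is replaced by "#". WordPress equivalent: esc_url(), which applies its own
// protocol allowlist.
function safe_url(string $url): string {
    $url = trim($url);
    return preg_match('#^https?://#i', $url) === 1 ? esc_attr_value($url) : '#';
}

// AFTER: every attribute is validated and escaped at the point of output,
// regardless of what was stored when the post was saved.
function render_icon_safe(array $attrs): string {
    $title = esc_attr_value((string) ($attrs['title'] ?? ''));
    $link  = safe_url((string) ($attrs['link'] ?? ''));
    return '<a class="icon-link" href="' . $link . '">'
         . '<span class="icon" title="' . $title . '"></span></a>';
}

// Constructed sample values of the kind a low-privileged author could save.
$stored = [
    'title' => 'Home" onmouseover="alert(document.domain)',
    'link'  => 'javascript:alert(1)',
];

// The unsafe renderer emits a live event-handler attribute and a
// javascript: link; the safe renderer emits the quotes as &quot; entities
// inside the title value and replaces the link with "#".
echo render_icon_unsafe($stored), PHP_EOL;
echo render_icon_safe($stored), PHP_EOL;
```

Escaping at output is what closes a stored XSS of this kind: content already saved by an affected version stays in the database, so posts edited by contributor-level accounts are worth reviewing after updating past 6.6.2.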

Kadence Blocks extends the WordPress block editor with powerful custom blocks and advanced design controls, helping you build fast, accessible, and professional websites, without writing code.

Each block is built with performance, accessibility, and flexibility in mind, giving you the tools to create visually impressive layouts while maintaining clean, optimized output.

Whether you’re building landing pages, blogs, or full websites, Kadence Blocks provides a streamlined, modern workflow that rivals traditional page builders, directly inside the native WordPress editor.

Custom Blocks Include

* Accordion – Create beautiful accordions! Each panel can contain any other block and customized title styles, content background, and borders.
* Advanced Button – Create an advanced button or a row of buttons. Style each one, including hover controls. Plus, you can use an icon and display them side-by-side.
* Advanced Form – Our powerful form block allows you to easily create a contact or marketing form and style it within the block editor.
* Advanced Gallery – Create stunning photo galleries, carousels, and sliders! Customize links, captions, image sizes and more for optimal performance.
* Advanced Text – Create a heading or paragraph and define sizes for desktop, tablet and mobile along with font family, colors, etc. Use Inline AI editor to improve writing, fix spelling and grammar errors, change tone, etc.
* Countdown – Increase your conversions by adding a sense of urgency to your offering with a countdown. Pro includes evergreen campaigns as well.
* Count Up – Include an animated number counter to pages and posts. This can potentially add interest to what would otherwise be boring numbers on a screen.
* Info Box – Create an info box containing an icon or image and, optionally, a title, description, and learn more text. Style static and hover separately.
* Icon – Choose from over 1500+ SVG icons to add into your page and style the size, colors, background, border, etc. You can also add multiple icons side-by-side.
* Icon List – Add beautiful icons to your lists and make them more engaging and attract viewers’ attention. Over 1500 icons to choose from and unlimited styles.
* Lottie Animation – You can import lottie animations into your site. You can choose how the animation plays and control animation speeds, loops, etc.
* Posts – Display a clean grid of posts anywhere on your site, great for your homepage where you want to tease your blog.
* Progress Bar – Show progress visually, including how much of a goal has been met, satisfaction rates, and many other use cases.
* Row Layout – Create rows with nested blocks in columns or as a container. Give style to your rows with a background, overlay, padding, etc.
* Section – Design sections of content in Row Layout blocks. Add any block to the section and design it using block settings.
* Show More – Easily add previews to content with nested blocks of any type. Adjust preview size by device type, apply a fade out, customize advanced buttons, and more.
* Spacer / Divider – Easily create a divider and determine the space around it, or just create some space in your content. You can even define the height per screen size.
* Table of Contents – Quickly navigate to headings within your post or page by automatically creating anchor links and a smooth scroll.
* Tabs – Create custom vertical or horizontal tab layouts with advanced styling controls. Each tab content is an empty canvas able to contain any other blocks.
* Testimonials – Create confidence in your brand or product by showing off beautiful and unique testimonials. Display as a carousel or a grid.

Key Block Features

* Content & Layout Flexibility: Build complex layouts with nested rows, responsive controls, and advanced spacing options, all within the block editor.
* Design Library: Overcome creative blocks and assemble a site in no time. Our Design Library offers hundreds of pre-built patterns and pages tailored to your unique brand
* Intelligent Load: Kadence Blocks won’t slow down your website because it only loads CSS or Javascript when you need it- and only for the blocks you are using on a specific page.
* Responsive Controls: Tweak your design for each screen size. Edit tablet and mobile settings while previewing in WordPress editor.
* Typography Controls: Choose from 900+ Google fonts and design your site with complete typography control.
* Color & Background Controls: Gradients, overlays, parallax backgrounds, borders, etc. You can control all the design settings!
* Configurable Defaults: Make development a breeze. Once the default settings are defined, every time you add a block those settings will automatically be applied.
* Setting Visibility Controls: Hide block settings from certain user roles so they can focus on content and you can keep them out of the block designs.
* Spacing Controls: Control paddings and margins for your blocks in whatever units you like. Customize responsively for precision spacing and design.

Connect With Our Community

Naturally, the web creation process comes along with endless questions, creative ideas, and is ripe for collaborative opportunities. That’s where our thriving Facebook community, with over 12,000 members and counting, becomes an invaluable resource.

Whether seeking answers to specific questions, looking for constructive feedback on your website, or eager to uncover innovative ways to leverage Kadence tools, our community is here to support and inspire you.

* Join the Web Creator Community Facebook Group (https://www.facebook.com/groups/webcreatorcommunity).
* Subscribe to the Kadence WP newsletter for the latest updates and insights.
* Listen to our podcast, the Kadence Beat (https://www.youtube.com/playlist?list=PLz7FUcdXQ3YBhruufxJwDiO-H63MC1Bke), where we explore web creation strategies together.

Check out some tutorials by creators who love Kadence (and think you should, too 🙂):

* Kadence Blocks Tutorials by StartBlogging101
* The Ultimate Kadence Guide for Beginners by CliftonWP

Get More from Kadence WP

Enhance your page building experience even more with these additional Pro Blocks:

* Advanced Query Loop
* Advanced Slider
* Image Overlay
* Modal
* Post Grid/Carousel
* Product Carousel
* Repeater
* Split Content
* Video Popup
* …and more!

Get over creative blocks and engage your viewers further with these Premium Features:

* Animate on Scroll
* Custom Icons
* Custom Fonts
* Dynamic Content
* Page Specific Scripts
* 800+ Design Library patterns

Power-up your WordPress site with the comprehensive Kadence WP suite:

* Start with the Kadence Theme for a flexible, fast, and lightweight foundation.
* Create personalized, professionally designed websites in minutes with pre-designed Starter Templates.
* Seamlessly integrate powerful WooCommerce capabilities through ShopKit.
* Upgrade your marketing strategy and boost revenue with Kadence Conversions.
* Create a custom library of templates on Kadence Pattern Hub and commoditize your design talents.

Each tool is designed to work in harmony, providing a full-suite solution for building, managing, and growing your online presence with ease.

About the Kadence WP Team

Hello! We are Kadence and we reside in the beautiful city of Missoula, Montana. We find ourselves every day grateful to live in the heart of Big Sky Country where the mountains are plentiful and the rivers run wild. If we’re not writing code or answering support, you can probably find us deep in the woods, exploring and getting lost. We believe that life is meant to be lived to the fullest and we do our best to make the most of every day. Please feel free to leave comments or questions through the contact form. We love hearing what you have to say.

As a brand, we create clean and professional class WordPress tools that help everyday people create beautiful websites. Our name is simply a different spelling of the word “cadence” which means “a rhythmic flow of a sequence of sounds or words: the cadence of a language.”

Source files

github: https://github.com/stellarwp/kadence-blocks

Support

Need support? Our expert team is eager to assist you with any queries. Please reach out through our dedicated support form for prompt and helpful guidance.

Security Policy

Reporting Security Bugs

Please report security bugs found in the Kadence Blocks plugin’s source code through the Patchstack Vulnerability Disclosure Program https://patchstack.com/database/vdp/kadence-blocks. The Patchstack team will assist you with verification, CVE assignment, and notify the developers of this plugin.
WordPress Plugin Directory
38.6M