Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Contributor authentication (PR:L) is mandatory; exposure is client-side credential read-only with no integrity or availability impact.
Primary rating from Vendor (Wordfence).
CVSS VectorVendor: Wordfence
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
The Kadence Blocks - Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.7.5 via the editor_assets_variables. This makes it possible for authenticated attackers, with contributor-level access and above, to extract the site's connected Kadence account license key, license owner email, api_key, api_email, and license domain from the browser console by inspecting window.kadence_blocks_params.proData. Exploitation requires only that an administrator has previously connected a valid Kadence license; the full credential bundle is then readable by any Contributor-level user from the block editor client context without any server-side request manipulation.
AnalysisAI
Sensitive information exposure in Kadence Blocks (WordPress plugin) versions up to and including 3.7.5 allows authenticated contributors to read the site's Kadence license key, license owner email, api_key, api_email, and license domain directly from the browser console via the JavaScript global window.kadence_blocks_params.proData. The credentials are serialized client-side through the editor_assets_variables mechanism and require no server-side manipulation to extract. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires: (1) the attacker holds an authenticated WordPress account at Contributor level or higher - unauthenticated exploitation is not possible; (2) an administrator has previously connected a valid Kadence Pro license to the site, populating the stored credential options that the plugin serializes; (3) the attacker has access to the WordPress block editor, which Contributor-level users have by default. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The NVD-assigned CVSS 3.1 score of 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) accurately reflects the moderate severity. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A threat actor who holds a Contributor account on the target WordPress site - obtained via registration, credential stuffing, or social engineering - logs into the WordPress admin panel, opens the block editor on any post or page, and opens the browser developer console. The attacker types window.kadence_blocks_params.proData and immediately receives the full license key, api_key, owner email, and registered domain in plaintext. … |
| Remediation | An upstream fix has been committed to the Kadence Blocks repository per Trac changeset 3569191 (https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3569191%40kadence-blocks&new=3569191%40kadence-blocks); however, a specific released patched version number is not confirmed from the available input data. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Kadence Blocks WordPress plugin versions up to and including 3.7.7 allows authenticated Contributor-level users to read
Authorization bypass in the Kadence Blocks WordPress plugin (all versions through 3.7.7) allows authenticated contributo
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37843
GHSA-g255-vwqv-qh7v