MEDIUM
stellarwp
CVE published 2026-06-18
CVE-2026-11357
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress, up to and including version 3.7.5, exposes sensitive information. Authenticated attackers with contributor-level access can extract the site's connected Kadence account license key, license owner email, API key, API email, and license domain. This is possible by inspecting window.kadence_blocks_params.proData in the brows [truncated]