CVE-2026-12904

MEDIUM

Kadence Blocks <= 3.7.7 - Authenticated Insecure Direct Object Reference

Title source: manual
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-12904. PoCs published by HermesNA-1.

AI-analyzed exploit summary This repository contains an auto-generated stub module for CVE-2026-12904, an Insecure Direct Object Reference (IDOR) vulnerability in the Kadence Blocks WordPress plugin (versions ≤ 3.7.7). The code includes references to vulnerable code paths but lacks actual exploit implementation, serving only as a placeholder.

Description

The Kadence Blocks – Gutenberg Blocks for Page Builder Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.7.7. This is due to a mismatch between the object used for authorization and the object actually accessed in the Optimize_Rest_Controller's create_item(), get_item(), delete_item(), and bulk_delete_items() endpoints — authorization is checked via current_user_can('edit_post'/'delete_post', $post_id) against the user-supplied post_id, while the storage layer keys analysis records on sha256($post_path) from a separately supplied, attacker-controlled post_path parameter, with no enforcement that post_path corresponds to post_id. This makes it possible for authenticated attackers, with Contributor-level access and above, to read or delete optimizer analysis records belonging to posts owned by other users by submitting their own post_id (which passes the capability check) together with the victim post's path.

Exploits (1)

github STUB 1 stars
by HermesNA-1 · pythonpoc
https://github.com/HermesNA-1/SnakeSploit/tree/main/data/modules_generated/cve-2026-12904_the_kadence_blocks.py

This repository contains an auto-generated stub module for CVE-2026-12904, an Insecure Direct Object Reference (IDOR) vulnerability in the Kadence Blocks WordPress plugin (versions ≤ 3.7.7). The code includes references to vulnerable code paths but lacks actual exploit implementation, serving only as a placeholder.

Classification
Stub 99%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Theoretical
Target: Kadence Blocks – Gutenberg Blocks for Page Builder Features plugin for WordPress (versions ≤ 3.7.7)
No auth needed
Prerequisites: WordPress site with Kadence Blocks plugin installed (versions ≤ 3.7.7) · Network access to the target WordPress instance
mistral-large-3 · analyzed Jul 09, 2026 Full analysis →

References (20)

Core 20
Core References

Scores

CVSS v3 4.3
EPSS 0.0029
EPSS Percentile 21.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-639
Status published
Products (1)
stellarwp/Kadence Blocks — Page Builder Toolkit for Gutenberg Editor < 3.7.7
Published Jul 01, 2026
Tracked Since Jul 01, 2026