Critical vulnerability in WordPress Gutenberg Blocks by Kadence Blocks plugin


A very serious vulnerability has been discovered in the popular WordPress Gutenberg Blocks by Kadence Blocks plugin. It allows arbitrary file upload to your WordPress installation. According to our findings, the vulnerability is very serious, and all sites using this plugin should be updated immediately. The problem has been fixed in plugin version 3.1.11. More information about this vulnerability can be found here.


Our customers using WordPress Smart Updates are safe, as the updates were run automatically immediately after release. Customers on our WP hosting plan, however, are responsible for security updates themselves. Because this vulnerability is so critical, and in the interest of general security, we also centrally review all WordPress sites on our servers and, where possible, perform critical updates on sites that have not yet been updated.


WP hosting customers whose plugin has been updated by us are also advised to check for themselves whether the WordPress Gutenberg Blocks by Kadence Blocks plugin is installed and whether it has been updated to at least version 3.1.10. This also requires WordPress core to be updated to the latest version, 6.3. In these cases we also recommend changing the admin password of the WordPress installation and applying all security updates to your own WordPress in accordance with our instructions.