CVE-2026-1857
📋 TL;DR
This vulnerability allows authenticated WordPress users with Contributor-level permissions or higher to perform Server-Side Request Forgery attacks against the GetResponse API server. Attackers can access sensitive GetResponse data (contacts, campaigns, mailing lists) using the site's stored API credentials, which are also leaked in request headers. All WordPress sites using vulnerable versions of the Kadence Blocks plugin are affected.
💻 Affected Systems
- Gutenberg Blocks with AI by Kadence WP (WordPress plugin)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of GetResponse account data including all contact lists, campaigns, and sensitive customer information, plus exposure of API credentials that could lead to further account takeover.
Likely Case
Unauthorized access to GetResponse contact lists and campaign data, potential data exfiltration, and API credential exposure.
If Mitigated
Limited to authenticated users only, with no access to sensitive GetResponse data if proper API key restrictions are in place.
🎯 Exploit Status
Exploitation requires authenticated WordPress access with at least Contributor permissions. The vulnerability is straightforward to exploit once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.6.2 and later
Vendor Advisory: https://wordpress.org/plugins/kadence-blocks/#developers
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Gutenberg Blocks with AI by Kadence WP'. 4. Click 'Update Now' if available, or download version 3.6.2+ from WordPress repository. 5. Activate the updated plugin.
🔧 Temporary Workarounds
Disable GetResponse Integration
allTemporarily disable the GetResponse functionality in Kadence Blocks plugin settings
Restrict User Roles
allRemove Contributor role permissions or restrict user registration
🧯 If You Can't Patch
- Disable the Kadence Blocks plugin entirely until patched
- Implement network-level restrictions to block outbound requests to GetResponse API endpoints
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins → Kadence Blocks version. If version is 3.6.1 or lower, you are vulnerable.Check Version:
wp plugin list --name=kadence-blocks --field=versionVerify Fix Applied:
Verify plugin version is 3.6.2 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual API requests to GetResponse endpoints from non-admin users
- Multiple failed authentication attempts to WordPress admin
Network Indicators:
- Outbound HTTP requests to api.getresponse.com from WordPress server with unusual patterns
- Unexpected data exfiltration to external IPs
SIEM Query:
source="wordpress" AND (uri_path="/wp-json/kadence-blocks/v1/getresponse" OR user_agent CONTAINS "WordPress") AND user_role="contributor"🔗 References
- https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.5.32/includes/advanced-form/getresponse-rest-api.php#L57
- https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.5.32/includes/advanced-form/getresponse-rest-api.php#L77
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3454881%40kadence-blocks%2Ftrunk&old=3453204%40kadence-blocks%2Ftrunk&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/2ea8d38a-f5ce-40dd-a015-f56d60579e05?source=cve
