CVE-2025-24753: 
WordPress vulnerability analysis and mitigation

CVE-2025-24753 is a Missing Authorization vulnerability discovered in Kadence WP Gutenberg Blocks by Kadence Blocks that allows exploiting incorrectly configured access control security levels. The vulnerability affects versions through 3.3.1 of the Gutenberg Blocks plugin and was disclosed on January 24, 2025 (Patchstack).

The vulnerability is classified as a Broken Access Control issue, which refers to missing authorization, authentication, or nonce token checks in functions that could allow unprivileged users to execute higher privileged actions. It received a CVSS v3.1 score of 4.3 (Low severity), indicating a relatively low impact. The vulnerability requires Contributor-level privileges to exploit (Patchstack).

The security issue has been assessed to have a low severity impact and is considered unlikely to be exploited. The specific impact varies case by case due to the nature of broken access control vulnerabilities (Patchstack).

The vulnerability has been fixed in version 3.3.2 of the Kadence WP Gutenberg Blocks plugin. Users are advised to update to version 3.3.2 or later to remove the vulnerability. Patchstack users can enable auto-update functionality for vulnerable plugins (Patchstack).