Skip to main content

Responsive Blocks CVE-2026-32543

| EUVDEUVD-2026-12029 MEDIUM
Missing Authorization (CWE-862)
2026-03-13 Patchstack
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 13, 2026 - 16:57 euvd
EUVD-2026-12029
Analysis Generated
Mar 13, 2026 - 16:57 vuln.today
CVE Published
Mar 13, 2026 - 11:42 nvd
MEDIUM 5.3

DescriptionCVE.org

Missing Authorization vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Blocks: from n/a through <= 2.2.0.

AnalysisAI

A Missing Authorization vulnerability exists in CyberChimps Responsive Blocks responsive-block-editor-addons plugin through version 2.2.0, where incorrectly configured access control allows unauthenticated attackers to perform unauthorized actions. The vulnerability has a CVSS score of 5.3 with a network attack vector and no privileges required, meaning remote attackers can exploit this without authentication to modify content or settings. While the integrity impact is limited (CWE-862: Missing Authorization), the lack of authentication requirements and the plugin's wide deployment in WordPress environments present a moderate real-world risk.

Technical ContextAI

The vulnerability stems from CWE-862 (Missing Authorization), a failure to implement proper access control checks on sensitive operations within the Responsive Blocks plugin. This WordPress plugin, which provides block editor functionality and add-ons for responsive design, does not properly validate user permissions before allowing certain operations. The root cause is likely in REST API endpoints, AJAX handlers, or administrative functions that fail to verify user roles or capabilities before executing privileged actions. The affected product is identified via CPE as the CyberChimps Responsive Blocks editor plugin, specifically versions up to and including 2.2.0, where authorization checks are bypassed due to incorrectly configured access control lists or missing capability checks in WordPress nonce validation.

RemediationAI

Immediately upgrade CyberChimps Responsive Blocks responsive-block-editor-addons to the latest available version beyond 2.2.0 (typically 2.2.1 or later, depending on vendor release cadence). Update the plugin via the WordPress dashboard's Plugins > Installed Plugins interface or directly from the WordPress.org plugin repository. Until updates can be deployed, implement WordPress-level access controls by reviewing user role assignments and removing unnecessary Editor or Administrator roles from untrusted accounts. As a temporary mitigation, restrict access to the WordPress admin dashboard via IP whitelisting at the web server or firewall level, and consider disabling the plugin entirely if not actively in use. Monitor your WordPress installation logs for suspicious REST API or AJAX requests targeting the plugin's endpoints.

Share

CVE-2026-32543 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy