Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
3DescriptionCVE.org
Missing Authorization vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Blocks: from n/a through <= 2.2.0.
AnalysisAI
A Missing Authorization vulnerability exists in CyberChimps Responsive Blocks responsive-block-editor-addons plugin through version 2.2.0, where incorrectly configured access control allows unauthenticated attackers to perform unauthorized actions. The vulnerability has a CVSS score of 5.3 with a network attack vector and no privileges required, meaning remote attackers can exploit this without authentication to modify content or settings. While the integrity impact is limited (CWE-862: Missing Authorization), the lack of authentication requirements and the plugin's wide deployment in WordPress environments present a moderate real-world risk.
Technical ContextAI
The vulnerability stems from CWE-862 (Missing Authorization), a failure to implement proper access control checks on sensitive operations within the Responsive Blocks plugin. This WordPress plugin, which provides block editor functionality and add-ons for responsive design, does not properly validate user permissions before allowing certain operations. The root cause is likely in REST API endpoints, AJAX handlers, or administrative functions that fail to verify user roles or capabilities before executing privileged actions. The affected product is identified via CPE as the CyberChimps Responsive Blocks editor plugin, specifically versions up to and including 2.2.0, where authorization checks are bypassed due to incorrectly configured access control lists or missing capability checks in WordPress nonce validation.
RemediationAI
Immediately upgrade CyberChimps Responsive Blocks responsive-block-editor-addons to the latest available version beyond 2.2.0 (typically 2.2.1 or later, depending on vendor release cadence). Update the plugin via the WordPress dashboard's Plugins > Installed Plugins interface or directly from the WordPress.org plugin repository. Until updates can be deployed, implement WordPress-level access controls by reviewing user role assignments and removing unnecessary Editor or Administrator roles from untrusted accounts. As a temporary mitigation, restrict access to the WordPress admin dashboard via IP whitelisting at the web server or firewall level, and consider disabling the plugin entirely if not actively in use. Monitor your WordPress installation logs for suspicious REST API or AJAX requests targeting the plugin's endpoints.
More in Responsive Blocks
View allThe Responsive Blocks - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CyberChimps
The Responsive Blocks - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-12029