Responsive Blocks
Monthly
A Missing Authorization vulnerability exists in CyberChimps Responsive Blocks responsive-block-editor-addons plugin through version 2.2.0, where incorrectly configured access control allows unauthenticated attackers to perform unauthorized actions. The vulnerability has a CVSS score of 5.3 with a network attack vector and no privileges required, meaning remote attackers can exploit this without authentication to modify content or settings. While the integrity impact is limited (CWE-862: Missing Authorization), the lack of authentication requirements and the plugin's wide deployment in WordPress environments present a moderate real-world risk.
The Responsive Blocks - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘section_tag’ parameter in all versions up to, and including, 1.9.9 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
A Missing Authorization vulnerability exists in CyberChimps Responsive Blocks responsive-block-editor-addons plugin through version 2.2.0, where incorrectly configured access control allows unauthenticated attackers to perform unauthorized actions. The vulnerability has a CVSS score of 5.3 with a network attack vector and no privileges required, meaning remote attackers can exploit this without authentication to modify content or settings. While the integrity impact is limited (CWE-862: Missing Authorization), the lack of authentication requirements and the plugin's wide deployment in WordPress environments present a moderate real-world risk.
The Responsive Blocks - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘section_tag’ parameter in all versions up to, and including, 1.9.9 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.