Responsive Blocks
Monthly
A Missing Authorization vulnerability exists in CyberChimps Responsive Blocks responsive-block-editor-addons plugin through version 2.2.0, where incorrectly configured access control allows unauthenticated attackers to perform unauthorized actions. The vulnerability has a CVSS score of 5.3 with a network attack vector and no privileges required, meaning remote attackers can exploit this without authentication to modify content or settings. While the integrity impact is limited (CWE-862: Missing Authorization), the lack of authentication requirements and the plugin's wide deployment in WordPress environments present a moderate real-world risk.
The Responsive Blocks - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘section_tag’ parameter in all versions up to, and including, 1.9.9 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The Responsive Blocks - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'responsive-block-editor-addons/portfolio' block in all versions up to,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks - WordPress Gutenberg Blocks allows Stored XSS.8.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A Missing Authorization vulnerability exists in CyberChimps Responsive Blocks responsive-block-editor-addons plugin through version 2.2.0, where incorrectly configured access control allows unauthenticated attackers to perform unauthorized actions. The vulnerability has a CVSS score of 5.3 with a network attack vector and no privileges required, meaning remote attackers can exploit this without authentication to modify content or settings. While the integrity impact is limited (CWE-862: Missing Authorization), the lack of authentication requirements and the plugin's wide deployment in WordPress environments present a moderate real-world risk.
The Responsive Blocks - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘section_tag’ parameter in all versions up to, and including, 1.9.9 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The Responsive Blocks - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'responsive-block-editor-addons/portfolio' block in all versions up to,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks - WordPress Gutenberg Blocks allows Stored XSS.8.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.