Vulnerabilities and security researches forresponsive-block-editor-addons responsive-block-editor-addons
Direction: descendingApr 23, 2026
Responsive Blocks – WordPress Gutenberg Blocks # CVE-2026-6675
- CVE, Research URL
- Date
- Apr 21, 2026
- Research Description
- The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to Unauthenticated Open Email Relay in all versions up to, and including, 2.2.0. This is due to insufficient authorization checks and missing server-side validation of the recipient email address supplied via a public REST API route. This makes it possible for unauthenticated attackers to send arbitrary emails to any recipient of their choosing through the affected WordPress site's mail server, effectively turning the site into an open mail relay.
- Affected versions
-
max 2.2.1.
- Status
-
vulnerable
Responsive Blocks – WordPress Gutenberg Blocks # CVE-2026-6703
- CVE, Research URL
- Date
- Apr 21, 2026
- Research Description
- The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with contributor-level access and above, to modify global site-wide plugin configuration options, including toggling custom CSS, disabling blocks, changing layout defaults such as content width, container padding, and container gap, and altering auto-block-recovery behavior.
- Affected versions
-
max 2.2.2.
- Status
-
vulnerable
Mar 29, 2026
Responsive Blocks – WordPress Gutenberg Blocks # CVE-2026-32543
- CVE, Research URL
- Date
- Mar 14, 2026
- Research Description
- Missing Authorization vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Blocks: from n/a through <= 2.2.0.
- Affected versions
-
max 2.2.0.
- Status
-
vulnerable
Jul 02, 2025
Responsive Blocks – WordPress Gutenberg Blocks # CVE-2025-53202
- CVE, Research URL
- Date
- Jun 27, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks allows DOM-Based XSS. This issue affects Responsive Blocks: from n/a through 2.0.6.
- Affected versions
-
max 2.0.7.
- Status
-
vulnerable
Jun 20, 2025
Responsive Blocks – WordPress Gutenberg Blocks # CVE-2025-49881
- CVE, Research URL
- Date
- Jun 17, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks allows Stored XSS. This issue affects Responsive Blocks: from n/a through 2.0.5.
- Affected versions
-
max 2.0.6.
- Status
-
vulnerable
Apr 18, 2025
Responsive Blocks – WordPress Gutenberg Blocks # CVE-2025-39578
- CVE, Research URL
- Date
- Apr 16, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks allows Stored XSS. This issue affects Responsive Blocks: from n/a through 2.0.2.
- Affected versions
-
max 2.0.3.
- Status
-
vulnerable
Feb 06, 2025
Responsive Blocks – WordPress Gutenberg Blocks # CVE-2025-22697
- CVE, Research URL
- Date
- Feb 04, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks allows Reflected XSS. This issue affects Responsive Blocks: from n/a through 1.9.9.
- Affected versions
-
max 2.0.0.
- Status
-
vulnerable
Feb 01, 2025
Responsive Blocks – WordPress Gutenberg Blocks # CVE-2024-13732
- CVE, Research URL
- Date
- Jan 30, 2025
- Research Description
- The Responsive Blocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘section_tag’ parameter in all versions up to, and including, 1.9.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
max 2.0.0.
- Status
-
vulnerable
Dec 24, 2024
Responsive Blocks – WordPress Gutenberg Blocks # CVE-2024-12268
- CVE, Research URL
- Date
- Dec 24, 2024
- Research Description
- The Responsive Blocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'responsive-block-editor-addons/portfolio' block in all versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
max 1.9.8.
- Status
-
vulnerable
Aug 20, 2024
Responsive Blocks – WordPress Gutenberg Blocks # CVE-2024-43335
- CVE, Research URL
- Date
- Aug 18, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks – WordPress Gutenberg Blocks allows Stored XSS.This issue affects Responsive Blocks – WordPress Gutenberg Blocks: from n/a through 1.8.8.
- Affected versions
-
max 1.8.9.
- Status
-
vulnerable