cleantalk
Vulnerabilities and Security Researches

Responsive Blocks – WordPress Gutenberg Blocks, CVE-2026-6675

CVE, Research URL

CVE-2026-6675

Home page URL

Security reports for Responsive Blocks – WordPress Gutenberg Blocks

Application

Responsive Blocks – WordPress Gutenberg Blocks

Published on
Apr 21, 2026
Research Description
The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to Unauthenticated Open Email Relay in all versions up to, and including, 2.2.0. This is due to insufficient authorization checks and missing server-side validation of the recipient email address supplied via a public REST API route. This makes it possible for unauthenticated attackers to send arbitrary emails to any recipient of their choosing through the affected WordPress site's mail server, effectively turning the site into an open mail relay.
Affected versions
max 2.2.1.
Status
vulnerable
Previous vulnerability researches
CBX Map for Google Map & OpenStreetMap (CVE-2025-9123) , Apr 23, 2026
CBX Map for Google Map & OpenStreetMap (CVE-2025-47669) , May 09, 2025
CBX Map for Google Map & OpenStreetMap (CVE-2024-22297) , Jun 07, 2024
CBX Map for Google Map & OpenStreetMap (CVE-2023-47240) , Jun 07, 2024
New vulnerability
WP Responsive Popup + Optin (CVE-2026-4131) , Apr 24, 2026
Portfolio Gallery, Product Catalog – Grid KIT Portfolio (CVE-2025-5092) , Apr 24, 2026
Media Library Assistant (CVE-2025-59590) , Apr 24, 2026
Beaver Builder – WordPress Page Builder (CVE-2025-8897) , Apr 24, 2026
Real Estate Pro (CVE-2026-1845) , Apr 24, 2026