Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Reflected XSS. This issue affects Responsive Blocks: from n/a through <= 1.9.9.
Published: 2025-02-04
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in the CyberChimps Responsive Blocks plugin arises from the plugin failing to neutralize user input before rendering it on web pages, resulting in a reflected Cross‑Site Scripting flaw (CWE‑79). Because the plugin reflects unsanitized input into the page output, an attacker could cause arbitrary script execution in the browsers of site visitors who view the affected page, potentially leading to client‑side compromise.

Affected Systems

All versions of the WordPress Responsive Blocks plugin through 1.9.9 distributed by CyberChimps are affected. Any WordPress site running one of these versions is vulnerable.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity. The EPSS score of less than 1% suggests a low likelihood of exploitation, and the issue is not listed in CISA’s KEV catalog. The flaw can be triggered remotely by supplying maliciously crafted input that the plugin renders without sanitization. No public exploits have been reported, but the moderate score and low EPSS still warrant timely mitigation.

Generated by OpenCVE AI on May 2, 2026 at 04:53 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade Responsive Blocks to any version newer than 1.9.9 released by CyberChimps
  • Restrict the plugin’s editor and configuration interfaces to trusted administrative users to limit exposure to untrusted input
  • Deploy a web application firewall or input validation to neutralize malicious scripts before rendering



Advisories
Source ID Title
EUVD EUVD-2025-2923 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks allows Reflected XSS. This issue affects Responsive Blocks: from n/a through 1.9.9.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}

cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
Values Removed: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks allows Reflected XSS. This issue affects Responsive Blocks: from n/a through 1.9.9.
Values Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Reflected XSS. This issue affects Responsive Blocks: from n/a through <= 1.9.9.
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}

cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}


Tue, 15 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00026}

epss

{'score': 0.00034}


Tue, 25 Feb 2025 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Cyberchimps
Cyberchimps responsive Blocks
CPEs cpe:2.3:a:cyberchimps:responsive_blocks:*:*:*:*:*:wordpress:*:*
Vendors & Products Cyberchimps
Cyberchimps responsive Blocks

Wed, 05 Feb 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 04 Feb 2025 14:30:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks allows Reflected XSS. This issue affects Responsive Blocks: from n/a through 1.9.9.
Title WordPress Responsive Blocks plugin <= 1.9.9 - Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:04.839Z

Reserved: 2025-01-07T21:03:16.939Z

Link: CVE-2025-22697

Vulnrichment

Updated: 2025-02-04T15:10:29.010Z

NVD

Status: Modified

Published: 2025-02-04T15:15:21.793

Modified: 2026-04-23T15:23:25.347

Link: CVE-2025-22697

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T05:00:12Z
