Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Stored XSS. This issue affects Responsive Blocks: from n/a through <= 2.0.2.
Published: 2025-04-16
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in the Responsive Blocks plugin allows stored cross‑site scripting due to improper input neutralization. An attacker who can inject content into the plugin’s input fields can store malicious scripts that execute in the browsers of all visitors who view the affected content. This can lead to session hijacking, defacement, or distribution of malware, compromising confidentiality, integrity, and availability of the site.

Affected Systems

This flaw affects the WordPress Responsive Blocks plugin from the initial release through version 2.0.2 inclusive. The plugin is developed by CyberChimps and is installed on WordPress sites that use it.

Risk and Exploitability

The CVSS score of 6.5 indicates medium severity, and the EPSS score of less than 1% suggests a low likelihood of exploitation in the short term. The vulnerability is not listed in the CISA KEV catalog, meaning CISA has not recorded exploitation in the wild. However, the stored XSS could be leveraged by an authenticated content editor or anyone with the ability to submit plugin content, so the flaw is exploitable by anyone who can reach the editing interface.

Generated by OpenCVE AI on April 30, 2026 at 22:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest update of the Responsive Blocks plugin (2.0.3 or later) from CyberChimps.
  • If the plugin cannot be updated immediately, remove or deactivate it to eliminate the vulnerable code path.
  • Limit editing privileges to trusted users to reduce the likelihood that untrusted input can be stored by the plugin.



Advisories
Source ID Title
EUVD EUVD-2025-11302 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks allows Stored XSS. This issue affects Responsive Blocks: from n/a through 2.0.2.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Removed: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks allows Stored XSS. This issue affects Responsive Blocks: from n/a through 2.0.2.
  Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Stored XSS. This issue affects Responsive Blocks: from n/a through <= 2.0.2.
Title
  Removed: WordPress Responsive Blocks <= 2.0.2 - Cross Site Scripting (XSS) Vulnerability
  Added: WordPress Responsive Blocks plugin <= 2.0.2 - Cross Site Scripting (XSS) Vulnerability
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}


Wed, 16 Apr 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 16 Apr 2025 12:45:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks allows Stored XSS. This issue affects Responsive Blocks: from n/a through 2.0.2.
Title WordPress Responsive Blocks <= 2.0.2 - Cross Site Scripting (XSS) Vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:35.171Z

Reserved: 2025-04-16T06:26:44.220Z

Link: CVE-2025-39578

Vulnrichment

Updated: 2025-04-16T14:17:34.076Z

NVD

Status: Deferred

Published: 2025-04-16T13:15:50.570

Modified: 2026-04-23T15:29:49.417

Link: CVE-2025-39578

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T23:00:04Z
