Description
Missing Authorization vulnerability in CyberChimps Responsive Plus responsive-add-ons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Plus: from n/a through <= 3.2.0.
Published: 2025-06-06
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

WordPress Responsive Plus plugin versions 3.2.0 and earlier contain a Missing Authorization flaw that allows attackers to bypass normal access controls and exploit incorrectly configured security levels. The vulnerability can lead to unauthorized execution of plugin functions, potentially providing an attacker with sensitive configuration data or the ability to perform administrative operations within the plugin’s scope.

Affected Systems

The weakness affects the Responsive Plus plugin from CyberChimps. Any installation of this plugin with a version less than or equal to 3.2.0 on a WordPress site is impacted. Sites that have upgraded to a newer secure version are not affected.

Risk and Exploitability

The CVSS score of 5.4 indicates a moderate impact level. The EPSS score of less than 1% suggests a low likelihood of exploitation in the wild, and the vulnerability is not listed in CISA’s KEV catalog. The attack vector is inferred to be through the plugin’s HTTP endpoints, where an attacker can craft requests that bypass the plugin’s access controls without needing any user authentication. No additional conditions are stated in the CVE, so an unauthenticated attacker could potentially exploit the flaw by accessing privileged plugin functions.

Generated by OpenCVE AI on April 30, 2026 at 18:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Responsive Plus to the latest available version (≥3.2.1).
  • If an upgrade is not immediately possible, restrict access to the plugin’s administrative URLs using web‑server or application‑level access controls, allowing only trusted roles to reach them.
  • Monitor the site for any unauthorized attempts to access or manipulate the plugin’s functions and review access logs for suspicious activity.

Generated by OpenCVE AI on April 30, 2026 at 18:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-17130 Missing Authorization vulnerability in CyberChimps Responsive Plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Plus: from n/a through 3.2.0.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in CyberChimps Responsive Plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Plus: from n/a through 3.2.0. Missing Authorization vulnerability in CyberChimps Responsive Plus responsive-add-ons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Plus: from n/a through <= 3.2.0.
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}

Fri, 06 Jun 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 06 Jun 2025 11:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in CyberChimps Responsive Plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Plus: from n/a through 3.2.0.
Title WordPress Responsive Plus plugin <= 3.2.0 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:56.644Z

Reserved: 2025-05-19T14:14:34.469Z

Link: CVE-2025-48335

cve-icon Vulnrichment

Updated: 2025-06-06T15:04:20.897Z

cve-icon NVD

Status : Deferred

Published: 2025-06-06T12:15:23.957

Modified: 2026-04-23T15:31:07.733

Link: CVE-2025-48335

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T18:45:21Z

Weaknesses