Impact
The Responsive Blocks plugin for WordPress fails to properly neutralize user-supplied input during web page generation, resulting in a stored cross-site scripting (XSS) vulnerability. This flaw allows an attacker to embed malicious scripts into content that the plugin renders; those scripts then execute in the browser of every user who views the affected content. The primary consequences are theft of sensitive information, session hijacking, or other malicious actions performed on behalf of the victim. The weakness is classified as CWE-79.
Affected Systems
Any WordPress installation running the CyberChimps Responsive Blocks plugin at version 2.0.5 or earlier is affected. The vulnerability is present in every release from the earliest version through 2.0.5, so sites on any of those releases are at risk.
Risk and Exploitability
The CVSS score of 6.5 indicates medium severity. The EPSS score of less than 1% suggests that widespread exploitation is unlikely, and the vulnerability is not currently listed in CISA's KEV catalog. Based on the vulnerability description, the attack vector is most plausibly the plugin's content creation or editing interface, which is accessible to users with content-management privileges. An attacker who gains such access can inject a payload that is stored and subsequently executed in the browsers of all site visitors. The impact scope therefore spans every user who views the compromised content.
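The pattern behind a CWE-79 finding of this kind, shown as an added example that is not the Responsive Blocks plugin's code: a block render callback that interpolates a saved attribute into markup verbatim, beside a hardened callback that escapes by output context. The attribute names (title, color), the CSS allowlist and the sample payload are assumptions constructed for illustration. PHP's own htmlspecialchars() is used so the file runs with a plain `php` interpreter; inside WordPress the idiomatic equivalents are esc_html(), esc_attr() and, for rich content, wp_kses_post().

```php
<?php
// Added example, not the plugin's code. Assumed block attributes: "title"
// (rendered as text) and "color" (rendered inside a style attribute).
declare(strict_types=1);

/** Vulnerable: saved attribute values are interpolated into HTML unchanged. */
function render_block_unsafe(array $attrs): string
{
    $title = $attrs['title'] ?? '';
    $color = $attrs['color'] ?? '';
    return '<div class="rb-block" style="color:' . $color . '">'
         . '<h2>' . $title . '</h2></div>';
}

/** Escape for an HTML text or attribute context (esc_html()/esc_attr() in WordPress). */
function esc_text(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Values that cannot be escaped into safety are validated against an allowlist. */
function sanitize_color(string $s): string
{
    if (preg_match('/^#[0-9a-fA-F]{3}([0-9a-fA-F]{3})?$/', $s)) {
        return $s;
    }
    $keywords = ['red', 'green', 'blue', 'black', 'white', 'inherit'];
    $lower = strtolower($s);
    return in_array($lower, $keywords, true) ? $lower : 'inherit';
}

/** Hardened: escape by context at output time, validate what escaping cannot fix. */
function render_block_safe(array $attrs): string
{
    $title = esc_text((string) ($attrs['title'] ?? ''));
    $color = sanitize_color((string) ($attrs['color'] ?? ''));
    return '<div class="rb-block" style="color:' . $color . '">'
         . '<h2>' . $title . '</h2></div>';
}

// Constructed sample: the kind of values a user with editing privileges
// could save through the block editor.
$attrs = [
    'title' => '<script>alert(1)</script>',
    'color' => 'red" onmouseover="alert(1)',
];

echo "unsafe: ", render_block_unsafe($attrs), "\n";
echo "safe:   ", render_block_safe($attrs), "\n";
```

Running the file shows the difference directly: the unsafe output carries a live script element and a style attribute that has been broken out of, while the safe output contains only entity-encoded text and a known-good colour value. The defensive rule the fix illustrates is that escaping happens at render time and is chosen by the context the value lands in (text node, attribute, URL, CSS), not by trusting that the editor already filtered the input.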