Description
Missing Authorization vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Blocks: from n/a through <= 2.2.0.
Published: 2026-03-13
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access
Action: Update Plugin
AI Analysis

Impact

The vulnerability is a missing authorization check in the Responsive Blocks plugin. It allows any user who can trigger the affected functions to access configuration settings that should be restricted, potentially leading to unauthorized changes to the plugin’s configuration. This weakness is classified as CWE-862 (Missing Authorization).

Affected Systems

CyberChimps Responsive Blocks plugin for WordPress, all releases up to and including version 2.2.0, as identified by the vendor advisory.

Risk and Exploitability

CVSS score 5.3 indicates moderate severity, while the EPSS score of < 1 % suggests a low likelihood of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Attack likely requires authenticated access to WordPress with permission to load plugin settings; the description does not specify authentication explicitly, so this inference is drawn from typical plugin behavior.

Generated by OpenCVE AI on March 19, 2026 at 16:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Responsive Blocks plugin to any version newer than 2.2.0 as soon as possible.
  • If an update cannot be performed immediately, restrict the plugin's configuration and management pages so that only administrators can access them.
  • Consider disabling or removing the plugin until a patched version is available.
  • Monitor vendor advisories for updates.

Generated by OpenCVE AI on March 19, 2026 at 16:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Cyberchimps
Cyberchimps responsive Blocks
Wordpress
Wordpress wordpress
Vendors & Products Cyberchimps
Cyberchimps responsive Blocks
Wordpress
Wordpress wordpress

Fri, 13 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Blocks: from n/a through <= 2.2.0.
Title WordPress Responsive Blocks plugin <= 2.2.0 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Cyberchimps Responsive Blocks
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:16:23.492Z

Reserved: 2026-03-12T11:12:34.193Z

Link: CVE-2026-32543

cve-icon Vulnrichment

Updated: 2026-03-13T18:47:05.947Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:55:09.303

Modified: 2026-03-16T14:53:46.157

Link: CVE-2026-32543

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T12:03:01Z

Weaknesses