{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32543", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-03-12T11:12:34.193Z", "datePublished": "2026-03-13T11:42:24.104Z", "dateUpdated": "2026-04-29T09:52:01.668Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "responsive-block-editor-addons", "product": "Responsive Blocks", "vendor": "CyberChimps", "versions": [{"changes": [{"at": "2.2.1", "status": "unaffected"}], "lessThanOrEqual": "2.2.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Silver Asu | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:04:31.188Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Responsive Blocks: from n/a through <= 2.2.0.</p>"}], "value": "Missing Authorization vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Blocks: from n/a through <= 2.2.0."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-29T09:52:01.668Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/responsive-block-editor-addons/vulnerability/wordpress-responsive-blocks-plugin-2-2-0-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress Responsive Blocks plugin <= 2.2.0 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-32543", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T18:47:05.251535Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T18:53:34.389Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-32543", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T18:47:05.251535Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T18:47:05.947Z"}}], "cna": {"title": "WordPress Responsive Blocks plugin <= 2.2.0 - Broken Access Control vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Silver Asu | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "affected": [{"vendor": "CyberChimps", "product": "Responsive Blocks", "versions": [{"status": "affected", "changes": [{"at": "2.2.1", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "2.2.0"}], "packageName": "responsive-block-editor-addons", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-01T16:04:31.188Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/responsive-block-editor-addons/vulnerability/wordpress-responsive-blocks-plugin-2-2-0-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Blocks: from n/a through <= 2.2.0.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Responsive Blocks: from n/a through <= 2.2.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-01T14:16:23.492Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32543", "state": "PUBLISHED", "dateUpdated": "2026-04-01T14:16:23.492Z", "dateReserved": "2026-03-12T11:12:34.193Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-13T11:42:24.104Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Blocks: from n/a through <= 2.2.0."}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en CyberChimps Responsive Blocks responsive-block-editor-addons permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Responsive Blocks: desde n/a hasta &lt;= 2.2.0."}], "id": "CVE-2026-32543", "lastModified": "2026-04-22T21:30:26.497", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-13T19:55:09.303", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/responsive-block-editor-addons/vulnerability/wordpress-responsive-blocks-plugin-2-2-0-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.2.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "2.2.1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Responsive Blocks", "source": "cna", "vendor": "CyberChimps"}, "product": "responsive_blocks", "vendor": "cyberchimps"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-19T16:07:12.193728+00:00", "value": {"mitigation_remediation": ["Upgrade the Responsive Blocks plugin to any version newer than 2.2.0 as soon as possible.", "If an update cannot be performed immediately, restrict the plugin's configuration and management pages so that only administrators can access them.", "Consider disabling or removing the plugin until a patched version is available.", "Monitor vendor advisories for updates."], "summary": {"action": "Update Plugin", "impact": "Unauthorized Access"}, "threat_synthesis": {"affected_systems": "CyberChimps Responsive Blocks plugin for WordPress, all releases up to and including version\u202f2.2.0, as identified by the vendor advisory.", "description_and_impact": "The vulnerability is a missing authorization check in the Responsive Blocks plugin. It allows any user who can trigger the affected functions to access configuration settings that should be restricted, potentially leading to unauthorized changes to the plugin\u2019s configuration. This weakness is classified as CWE-862 (Missing Authorization).", "risk_and_exploitability": "CVSS score 5.3 indicates moderate severity, while the EPSS score of <\u202f1\u202f% suggests a low likelihood of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Attack likely requires authenticated access to WordPress with permission to load plugin settings; the description does not specify authentication explicitly, so this inference is drawn from typical plugin behavior."}}}}, "created": "2026-03-16T09:25:24.043039+00:00", "updated": "2026-03-23T12:03:01.208685+00:00", "vendors": ["cyberchimps", "cyberchimps$PRODUCT$responsive_blocks", "wordpress", "wordpress$PRODUCT$wordpress"]}