CyberChimps Responsive Blocks
Moderate fix1 remedy
cpe:2.3:a:cyberchimps:responsive_blocks:*:*:*:*:wordpress:*:*
Moderate fix1 remedy
- <= 1.9.9
Responsive Blocks WordPress Plugin Stored Cross-Site Scripting Vulnerability
Vulnerability
Patched
A stored cross-site scripting vulnerability has been identified in the Responsive Blocks - WordPress Gutenberg Blocks plugin, affecting all versions through 1.9.9. The issue arises from inadequate input sanitization and output escaping, allowing authenticated attackers with Contributor-level access or higher to inject arbitrary scripts into pages. These scripts are executed when a user accesses the affected page.
Impact
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the page.
Reproduction
To reproduce this vulnerability, an authenticated user with Contributor-level access or higher can inject scripts via the 'section_tag' parameter. This can be done by creating or editing a post and using a block that accepts the 'section_tag' parameter, such as the Post Carousel block. The injected script will be executed when the post is viewed.
Remediation
Users are advised to update the Responsive Blocks - WordPress Gutenberg Blocks plugin to version 2.0.0 or later.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
1.0impact
1.7exploitability
6.4remediation
7.7relevance
0.0threat
4.8urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.