[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fXyPm5IwM5F01PwV2H5AEASMAw5xnqT1N8GX_cN-vRTM":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":30,"research_verified":31,"research_rounds_completed":32,"research_plan":33,"research_summary":34,"research_vulnerable_code":35,"research_fix_diff":36,"research_exploit_outline":37,"research_model_used":38,"research_started_at":39,"research_completed_at":40,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":31,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":31,"source_links":41},"CVE-2026-32543","responsive-blocks-page-builder-for-blocks-patterns-missing-authorization","Responsive Blocks – Page Builder for Blocks & Patterns \u003C= 2.2.0 - Missing Authorization","The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to perform an unauthorized action.","responsive-block-editor-addons",null,"\u003C=2.2.0","2.2.1","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2026-03-11 00:00:00","2026-03-19 15:41:25",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9d720d66-9a2c-4bb7-9be0-341eb0e24193?source=api-prod",9,[22,23,24,25,26,27,28,29],"dist\u002Fresponsive-block-editor-addons.asset.php","dist\u002Fresponsive-block-editor-addons.js","includes\u002Fclass-responsive-block-editor-addons.php","includes\u002Fdata\u002Fresponsive-sites-gutenberg-all.json","readme.txt","responsive-block-editor-addons.php","src\u002Fblocks\u002Fform\u002Fcomponents\u002Fedit.js","src\u002Fblocks\u002Fform\u002Fcomponents\u002Fsave.js","researched",false,3,"# Exploitation Research Plan - CVE-2026-32543\n\n## 1. Vulnerability Summary\nThe **Responsive Blocks – Page Builder for Blocks & Patterns** plugin (\u003C= 2.2.0) is vulnerable to **Missing Authorization** on functions hooked to `admin_init`. Specifically, several functions responsible for dismissing or modifying administrative notices do not implement capability checks (`current_user_can`) or nonce verification. Because `admin_init` is triggered for every request to `\u002Fwp-admin\u002Fadmin-ajax.php` (even for unauthenticated users), an attacker can perform unauthorized state changes by sending crafted GET requests.\n\n## 2. Attack Vector Analysis\n*   **Endpoint:** `\u002Fwp-admin\u002Fadmin-ajax.php` (or any admin page)\n*   **Action Hook:** `admin_init`\n*   **Vulnerable Functions:** `rba_notice_dismissed`, `rba_notice_change_timeout`, and `rba_notice_cross_dismiss`.\n*   **Payload Parameters:** `rba_notice_dismissed`, `rba_notice_timeout`, or `rba_notice_cross_dismiss`.\n*   **Authentication:** None required (`PR:N`).\n*   **Preconditions:** The plugin must be active.\n\n## 3. Code Flow\n1.  In `includes\u002Fclass-responsive-block-editor-addons.php`, the constructor registers several hooks to `admin_init`:\n    ```php\n    add_action(","The Responsive Blocks plugin for WordPress is vulnerable to unauthorized access because several administrative notice management functions are hooked to admin_init without capability checks or nonce verification. This allows unauthenticated attackers to dismiss or modify administrator-level notices by sending crafted requests to admin-ajax.php, which triggers the admin_init hook even for non-logged-in users.","\u002F\u002F includes\u002Fclass-responsive-block-editor-addons.php line 189\nadd_action( 'admin_init', array( $this, 'rba_notice_dismissed' ) );\nadd_action( 'admin_init', array( $this, 'rba_notice_change_timeout' ) );\nadd_action( 'admin_init', array( $this, 'rba_notice_cross_dismiss' ) );","diff -ru \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fresponsive-block-editor-addons\u002F2.2.0\u002Fdist\u002Fresponsive-block-editor-addons.asset.php \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fresponsive-block-editor-addons\u002F2.2.1\u002Fdist\u002Fresponsive-block-editor-addons.asset.php\n--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fresponsive-block-editor-addons\u002F2.2.0\u002Fdist\u002Fresponsive-block-editor-addons.asset.php\t2026-02-10 11:35:38.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fresponsive-block-editor-addons\u002F2.2.1\u002Fdist\u002Fresponsive-block-editor-addons.asset.php\t2026-02-11 11:59:30.000000000 +0000\n@@ -1 +1 @@\n-\u003C?php return array('dependencies' => array('jquery', 'lodash', 'moment', 'react', 'react-dom', 'wp-api-fetch', 'wp-blob', 'wp-block-editor', 'wp-blocks', 'wp-components', 'wp-compose', 'wp-data', 'wp-dom-ready', 'wp-editor', 'wp-element', 'wp-hooks', 'wp-i18n', 'wp-keycodes', 'wp-media-utils', 'wp-polyfill', 'wp-primitives', 'wp-url'), 'version' => 'c0287f04525a3d829aadc0adf8987c18');\n\\ No newline at end of file\n+\u003C?php return array('dependencies' => array('jquery', 'lodash', 'moment', 'react', 'react-dom', 'wp-api-fetch', 'wp-blob', 'wp-block-editor', 'wp-blocks', 'wp-components', 'wp-compose', 'wp-data', 'wp-dom-ready', 'wp-editor', 'wp-element', 'wp-hooks', 'wp-i18n', 'wp-keycodes', 'wp-media-utils', 'wp-polyfill', 'wp-primitives', 'wp-url'), 'version' => '038a6e3276a756d33fbcf360a37f4806');\n\\ No newline at end of file\ndiff -ru \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fresponsive-block-editor-addons\u002F2.2.0\u002Fdist\u002Fresponsive-block-editor-addons.js \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fresponsive-block-editor-addons\u002F2.2.1\u002Fdist\u002Fresponsive-block-editor-addons.js\n--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fresponsive-block-editor-addons\u002F2.2.0\u002Fdist\u002Fresponsive-block-editor-addons.js\t2026-02-10 11:35:38.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fresponsive-block-editor-addons\u002F2.2.1\u002Fdist\u002Fresponsive-block-editor-addons.js\t2026-02-11 11:59:30.000000000 +0000\n@@ -20,7 +20,7 @@\n... (truncated)","The exploit target is the admin_init hook, which executes on every request to \u002Fwp-admin\u002Fadmin-ajax.php, regardless of authentication status. An attacker sends a crafted GET or POST request to this endpoint containing specific parameters used by the plugin to track administrative notice states, such as 'rba_notice_dismissed', 'rba_notice_timeout', or 'rba_notice_cross_dismiss'. Because the functions processing these parameters (rba_notice_dismissed, rba_notice_change_timeout, and rba_notice_cross_dismiss) do not check for user capabilities (current_user_can) or verify a cryptographic nonce, the request successfully modifies the site's configuration options (e.g., updating 'rbea_review_notice_dismissed') without authorization.","gemini-3-flash-preview","2026-04-18 04:21:58","2026-04-18 04:22:35",{"type":42,"vulnerable_version":43,"fixed_version":11,"vulnerable_browse":44,"vulnerable_zip":45,"fixed_browse":46,"fixed_zip":47,"all_tags":48},"plugin","2.2.0","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fresponsive-block-editor-addons\u002Ftags\u002F2.2.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fresponsive-block-editor-addons.2.2.0.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fresponsive-block-editor-addons\u002Ftags\u002F2.2.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fresponsive-block-editor-addons.2.2.1.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fresponsive-block-editor-addons\u002Ftags"]