Vulnerability Description
The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with contributor-level access and above, to modify global site-wide plugin configuration options, including toggling custom CSS, disabling blocks, changing layout defaults such as content width, container padding, and container gap, and altering auto-block-recovery behavior.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/tags/2
- https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/tags/2
- https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/tags/2
- https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/trunk/
- https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/trunk/
- https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/trunk/
- https://plugins.trac.wordpress.org/changeset/3465616
- https://www.wordfence.com/threat-intel/vulnerabilities/id/187b072d-6314-4ac1-a92
FAQ
What is CVE-2026-6703?
CVE-2026-6703 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly...
How severe is CVE-2026-6703?
CVE-2026-6703 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-6703?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.