{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6675", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-04-20T14:13:26.851Z", "datePublished": "2026-04-21T02:25:39.847Z", "dateUpdated": "2026-04-21T13:22:00.182Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-21T02:25:39.847Z"}, "affected": [{"vendor": "cyberchimps", "product": "Responsive Blocks \u2013 Page Builder for Blocks & Patterns", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.2.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Responsive Blocks \u2013 Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to Unauthenticated Open Email Relay in all versions up to, and including, 2.2.0. This is due to insufficient authorization checks and missing server-side validation of the recipient email address supplied via a public REST API route. This makes it possible for unauthenticated attackers to send arbitrary emails to any recipient of their choosing through the affected WordPress site's mail server, effectively turning the site into an open mail relay."}], "title": "Responsive Blocks <= 2.2.0 - Unauthenticated Open Email Relay via REST API 'email_to' Parameter", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/17452a29-bcef-451a-9893-a436ac5d3b80?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/trunk/includes/class-responsive-block-editor-addons.php#L2403"}, {"url": "https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/tags/2.1.9/includes/class-responsive-block-editor-addons.php#L2403"}, {"url": "https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/trunk/includes/class-responsive-block-editor-addons.php#L2212"}, {"url": "https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/tags/2.1.9/includes/class-responsive-block-editor-addons.php#L2212"}, {"url": "https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/trunk/includes/class-responsive-block-editor-addons.php#L2324"}, {"url": "https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/tags/2.1.9/includes/class-responsive-block-editor-addons.php#L2324"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-20 Improper Input Validation", "cweId": "CWE-20", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Even Stokkedalen"}], "timeline": [{"time": "2026-04-20T14:13:38.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-21T13:21:53.166891Z", "id": "CVE-2026-6675", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-21T13:22:00.182Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6675", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-04-20T14:13:26.851Z", "datePublished": "2026-04-21T02:25:39.847Z", "dateUpdated": "2026-04-21T13:22:00.182Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-21T02:25:39.847Z"}, "affected": [{"vendor": "cyberchimps", "product": "Responsive Blocks \u2013 Page Builder for Blocks & Patterns", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.2.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Responsive Blocks \u2013 Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to Unauthenticated Open Email Relay in all versions up to, and including, 2.2.0. This is due to insufficient authorization checks and missing server-side validation of the recipient email address supplied via a public REST API route. This makes it possible for unauthenticated attackers to send arbitrary emails to any recipient of their choosing through the affected WordPress site's mail server, effectively turning the site into an open mail relay."}], "title": "Responsive Blocks <= 2.2.0 - Unauthenticated Open Email Relay via REST API 'email_to' Parameter", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/17452a29-bcef-451a-9893-a436ac5d3b80?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/trunk/includes/class-responsive-block-editor-addons.php#L2403"}, {"url": "https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/tags/2.1.9/includes/class-responsive-block-editor-addons.php#L2403"}, {"url": "https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/trunk/includes/class-responsive-block-editor-addons.php#L2212"}, {"url": "https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/tags/2.1.9/includes/class-responsive-block-editor-addons.php#L2212"}, {"url": "https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/trunk/includes/class-responsive-block-editor-addons.php#L2324"}, {"url": "https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/tags/2.1.9/includes/class-responsive-block-editor-addons.php#L2324"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-20 Improper Input Validation", "cweId": "CWE-20", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Even Stokkedalen"}], "timeline": [{"time": "2026-04-20T14:13:38.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-6675", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-21T13:21:53.166891Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-21T13:21:56.653Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Responsive Blocks \u2013 Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to Unauthenticated Open Email Relay in all versions up to, and including, 2.2.0. This is due to insufficient authorization checks and missing server-side validation of the recipient email address supplied via a public REST API route. This makes it possible for unauthenticated attackers to send arbitrary emails to any recipient of their choosing through the affected WordPress site's mail server, effectively turning the site into an open mail relay."}], "id": "CVE-2026-6675", "lastModified": "2026-04-22T20:22:50.570", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2026-04-21T03:16:09.210", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/tags/2.1.9/includes/class-responsive-block-editor-addons.php#L2212"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/tags/2.1.9/includes/class-responsive-block-editor-addons.php#L2324"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/tags/2.1.9/includes/class-responsive-block-editor-addons.php#L2403"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/trunk/includes/class-responsive-block-editor-addons.php#L2212"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/trunk/includes/class-responsive-block-editor-addons.php#L2324"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/trunk/includes/class-responsive-block-editor-addons.php#L2403"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/17452a29-bcef-451a-9893-a436ac5d3b80?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.2.0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Responsive Blocks \u2013 Page Builder for Blocks & Patterns", "source": "cna", "vendor": "cyberchimps"}, "product": "responsive_blocks_\u2013_page_builder_for_blocks_&_patterns", "vendor": "cyberchimps"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-21T15:28:50.907169+00:00", "value": {"mitigation_remediation": ["Upgrade the Responsive Blocks plugin to any version newer than 2.2.0, ensuring that the fixed authorization checks and input validation are in place.", "If an immediate upgrade is not feasible, block unauthenticated access to the affected REST endpoint, for example by configuring a web\u2011application firewall or .htaccess rule that rejects POST requests to the email route from unauthenticated users.", "If blocking the endpoint is impractical, modify or disable the email relay feature in the plugin\u2019s code or settings so that the email_to parameter is ignored unless authenticated requests are seen."], "summary": {"action": "Patch", "impact": "Unauthenticated Open Email Relay"}, "threat_synthesis": {"affected_systems": "All installations of the Cyberchimps Responsive Blocks \u2013 Page Builder for Blocks & Patterns WordPress plugin version 2.2.0 or earlier are affected. The vulnerability applies to any WordPress site that has not upgraded beyond this version.", "description_and_impact": "The Responsive Blocks \u2013 Page Builder for Blocks & Patterns plugin is vulnerable to an unauthenticated open email relay because the REST API route handling the email_to parameter lacks proper authentication checks and server\u2011side validation. An attacker can craft a request to this endpoint and supply any email address, causing the site to send emails on behalf of the server. This permits spammers or malicious actors to use the site\u2019s mail server to send arbitrary emails, potentially resulting in reputational damage, blacklisting, and phishing or spam campaigns. The weakness is a classic input validation and authorization flaw (CWE\u201120).", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate severity. No EPSS score is available, and the vulnerability is not listed in CISA\u2019s KEV catalog. The attack vector is unauthenticated; an attacker only needs to send a crafted HTTP request to the public REST endpoint with an email_to parameter. Successful exploitation is straightforward once the endpoint is reachable, but it does not provide remote code execution or other capabilities beyond email relay."}}}}, "created": "2026-04-21T15:37:55.175956+00:00", "updated": "2026-04-22T11:46:52.152389+00:00", "vendors": ["cyberchimps", "cyberchimps$PRODUCT$responsive_blocks_\u2013_page_builder_for_blocks_&_patterns", "wordpress", "wordpress$PRODUCT$wordpress"]}