Even Stokkedalen

**Name of the Vulnerable Software and Affected Versions** Responsive Blocks – Page Builder for Blocks & Patterns versions prior to 2.2.1 **Description** Insufficient authorization checks and missing server-side validation of the recipient email address supplied via a public REST API route allow unauthenticated attackers to send arbitrary emails to any recipient. This effectively turns the affected WordPress site's mail server into an open mail relay. **Recommendations** Update to a version later than 2.2.0.

**Name of the Vulnerable Software and Affected Versions** Responsive Blocks – Page Builder for Blocks & Patterns versions prior to 2.2.2 **Description** The plugin fails to properly verify if a user is authorized to perform specific actions. This allows authenticated attackers with contributor-level access or higher to modify global site-wide configuration options. Affected settings include the ability to toggle custom CSS, disable blocks, change layout defaults such as content width, container padding, and container gap, and alter auto-block-recovery behavior. **Recommendations** Update to a version newer than 2.2.1.