PT-2026-33914 · WordPress · Responsive Blocks
Even Stokkedalen
·
Published
2026-04-21
·
Updated
2026-04-21
·
CVE-2026-6675
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Responsive Blocks – Page Builder for Blocks & Patterns versions prior to 2.2.1
Description
Insufficient authorization checks and missing server-side validation of the recipient email address supplied via a public REST API route allow unauthenticated attackers to send arbitrary emails to any recipient. This effectively turns the affected WordPress site's mail server into an open mail relay.
Recommendations
Update to a version later than 2.2.0.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Responsive Blocks