This vulnerability (CVE-2024-43335) in CyberChimps Responsive Blocks – WordPress Gutenberg Blocks is due to improper input sanitization leading to stored cross-site scripting (CWE-79). Attackers can inject malicious scripts that persist and execute in the context of users viewing affected pages. The issue affects all versions up to 1.8.8. The CVSS 3.1 base score is 6.5, reflecting network attack vector, low attack complexity, requiring privileges and user interaction, with impacts on confidentiality, integrity, and availability at a low level. No patch or official fix has been published yet, and no known active exploitation has been reported.

Successful exploitation could allow an attacker with some privileges and requiring user interaction to execute arbitrary scripts in the context of the affected site, potentially leading to partial disclosure of information, modification of content, or disruption of service. The impact is rated as medium severity, reflecting limited but non-negligible risk to confidentiality, integrity, and availability.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, users should consider restricting privileges for users who can input content into the affected blocks and apply general WordPress security best practices to limit exposure. Monitor official CyberChimps channels for updates regarding patches or mitigations.