WordPress Plugin Vulnerabilities

Gutenberg & Elementor Templates Importer For Responsive < 3.2.0 - Missing Authorization

Description

The Gutenberg & Elementor Templates Importer For Responsive plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the create_items function in versions up to, and including, 3.1.9. This makes it possible for unauthenticated attackers to create items through the REST endpoint.

Affects Plugins

Plugin icon
responsive-add-ons
Fixed in 3.2.0

References

CVE
CVE-2025-47486
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/7299e46f-6cff-4ecc-8c2b-100c26907c91

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Marek Mikita
Verified
No
WPVDB ID
6aaa4382-cba5-49ae-b046-d59e1f795249

Timeline

Publicly Published
2025-05-07 (about 1 year ago)
Added
2025-05-12 (about 1 year ago)
Last Updated
2025-05-12 (about 1 year ago)

Other

Published
Title
Published
2026-01-07
Title
Dashboard Welcome for Beaver Builder <= 1.0.8 - Missing Authorization
Published
2025-11-11
Title
Chat Help < 3.1.4 - Missing Authorization
Published
2026-03-02
Title
VW Photography < 1.3.9 - Missing Authorization
Published
2026-06-01
Title
JTL-Connector for WooCommerce <= 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Settings Modification via Multiple Functions
Published
2025-06-13
Title
Premmerce User Roles < 1.0.14 - Missing Authorization