cleantalk
Vulnerabilities and Security Researches

Qi Blocks, CVE-2025-1627

CVE, Research URL

CVE-2025-1627

Home page URL

Security reports for Qi Blocks

Application

Qi Blocks

Published on
May 19, 2025
Research Description
The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Affected versions
Min -, max 1.4.
Status
vulnerable
Previous vulnerability researches
BLAZE Retail Widget (CVE-2024-6297) , Jul 22, 2024
BLAZE Retail Widget (5aa63b7aac05249d22e77bf0bcbe643aaba6f01b) , Jun 26, 2024
New vulnerability
WordPress Gallery Plugin – NextGEN Gallery (CVE-2024-5878) , May 21, 2025
Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin (CVE-2025-48247) , May 21, 2025
Qi Blocks (CVE-2025-1626) , May 21, 2025
Qi Blocks (CVE-2025-1625) , May 21, 2025
Qi Blocks (CVE-2025-1627) , May 21, 2025