cleantalk
Vulnerabilities and Security Researches

Qi Blocks, CVE-2025-1625

CVE, Research URL

CVE-2025-1625

Home page URL

Security reports for Qi Blocks

Application

Qi Blocks

Published on
May 19, 2025
Research Description
The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Counter block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Affected versions
Min -, max 1.4.
Status
vulnerable
Previous vulnerability researches
NinjaTeam Chat for Telegram (CVE-2024-11885) , Dec 25, 2024
New vulnerability
WordPress Gallery Plugin – NextGEN Gallery (CVE-2024-5878) , May 21, 2025
Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin (CVE-2025-48247) , May 21, 2025
Qi Blocks (CVE-2025-1626) , May 21, 2025
Qi Blocks (CVE-2025-1625) , May 21, 2025
Qi Blocks (CVE-2025-1627) , May 21, 2025