cleantalk
Vulnerabilities and Security Researches

Qubely – Advanced Gutenberg Blocks, CVE-2021-25013

CVE, Research URL

CVE-2021-25013

Home page URL

Security reports for Qubely – Advanced Gutenberg Blocks

Application

Qubely – Advanced Gutenberg Blocks

Published on
Jan 24, 2022
Research Description
The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the qubely_delete_saved_block AJAX action, and does not ensure that the block to be deleted belong to the plugin, as a result, any authenticated users, such as subscriber can delete arbitrary posts
Affected versions
Min -, max 1.8.5.
Status
vulnerable
Previous vulnerability researches
Qubely – Advanced Gutenberg Blocks (CVE-2024-9601) , Feb 19, 2025
Qubely – Advanced Gutenberg Blocks (CVE-2024-13228) , Mar 11, 2025
Qubely – Advanced Gutenberg Blocks (CVE-2025-26767) , Feb 18, 2025
Qubely – Advanced Gutenberg Blocks (CVE-2021-24916) , Jun 07, 2024
Qubely – Advanced Gutenberg Blocks (CVE-2021-25013) , Jun 07, 2024
New vulnerability
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2025-2205) , Mar 13, 2025
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2025-1622) , Mar 13, 2025
ProductDyno (CVE-2024-13413) , Mar 13, 2025
NEX-Forms – Ultimate Form Builder – Contact forms and much more (CVE-2024-13498) , Mar 13, 2025
REST API TO MiniProgram (CVE-2025-28886) , Mar 12, 2025