cleantalk
Vulnerabilities and Security Researches

Qi Blocks, CVE-2025-1627

CVE, Research URL

CVE-2025-1627

Home page URL

Security reports for Qi Blocks

Application

Qi Blocks

Published on
May 19, 2025
Research Description
The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Affected versions
Min -, max 1.4.
Status
vulnerable
Previous vulnerability researches
NC Wishlist for Woocommerce (CVE-2025-22505) , Jan 11, 2025
Wishlist and Compare for WooCommerce (d16ff76f2758ae5cd2524881fb65080698c295c3) , Jun 07, 2024
Premmerce Wishlist for WooCommerce (4c9caab2147a94d57962bebff673865579b6c3bf) , Jun 06, 2024
Premmerce Wishlist for WooCommerce (CVE-2022-4974) , Nov 15, 2024
Wishlist for WooCommerce (CVE-2025-24657) , Jan 26, 2025
New vulnerability
WordPress Gallery Plugin – NextGEN Gallery (CVE-2024-5878) , May 21, 2025
Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin (CVE-2025-48247) , May 21, 2025
Qi Blocks (CVE-2025-1626) , May 21, 2025
Qi Blocks (CVE-2025-1625) , May 21, 2025
Qi Blocks (CVE-2025-1627) , May 21, 2025