19 matches found
WordPress Qi Blocks plugin < 1.4 - Contributor+ Stored XSS via Countdown Block vulnerability
Contributor+ Stored XSS via Countdown Block vulnerability discovered by Krugov Artyom in WordPress Plugin Qi Blocks versions < 1.4...
EUVD-2025-13604
Malicious code in bioql PyPI...
CVE-2025-8607 SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown block's attributes in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping on user suppli...
CVE-2025-8607
The CVE-2025-8607 applies to SlingBlocks – Gutenberg Blocks by FunnelKit (formerly WooFunnels) for WordPress. It describes a Stored Cross-Site Scripting vulnerability in the Countdown block attributes due to insufficient input sanitization and output escaping, exploitable by authenticated attacke...
CVE-2024-3588
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown block in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2021-24633
The Countdown Block WordPress plugin before 1.1.2 does not have authorisation in the eb_write_block_css AJAX action, which allows any authenticated user, such as Subscriber, to modify post contents displayed to users...
CVE-2025-1626
CVE-2025-1626: Qi Blocks WordPress plugin prior to 1.4 fails to validate/escape Countdown block options, enabling stored XSS for users with the contributor role or higher when the block is embedded in a page/post. Affected: Qi Blocks
WordPress plugin Qi Blocks security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in the...
PT-2025-21884 · WordPress · Qi Blocks
Name of the Vulnerable Software and Affected Versions: Qi Blocks WordPress plugin versions prior to 1.4 Description: The issue concerns a Stored Cross-Site Scripting attack. It is caused by the Qi Blocks WordPress plugin not validating and escaping some of its Countdown block options before...
CVE-2025-2893
The Gutenverse – Ultimate Block Addons and Page Builder for Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's countdown Block in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied...
SKT Addons for Elementor < 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Block
Description: The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Block in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-3588
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown block in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-3588 Getwid – Gutenberg Blocks <= 2.0.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'Countdown'
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown block in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2021-24633
The Countdown Block WordPress plugin before 1.1.2 does not have authorisation in the eb_write_block_css AJAX action, which allows any authenticated user, such as Subscriber, to modify post contents displayed to users...
CVE-2021-24633
The Countdown Block WordPress plugin before 1.1.2 does not have authorisation in the eb_write_block_css AJAX action, which allows any authenticated user, such as Subscriber, to modify post contents displayed to users...
Design/Logic Flaw
The Countdown Block WordPress plugin before 1.1.2 does not have authorisation in the eb_write_block_css AJAX action, which allows any authenticated user, such as Subscriber, to modify post contents displayed to users...
CVE-2021-24633
The CVE concerns the Countdown Block WordPress plugin (versions before 1.1.2). The issue is missing authorization in the eb_write_block_css AJAX action, enabling any authenticated user (e.g., Subscriber) to modify post contents displayed to users, impacting integrity of content. The root cause is...
WordPress plugin access control error vulnerability
WordPress Plugin is an open source application plugin for WordPress. An Access Control Error vulnerability exists in the WordPress plugin Countdown Block, which arises from a network system or product that does not properly restrict access to resources from unauthorized roles...
WordPress Countdown Block plugin <= 1.1.1 - Missing Authorisation in AJAX action vulnerability
Missing Authorisation in AJAX action vulnerability discovered by apple502j in WordPress Countdown Block plugin versions <= 1.1.1. Solution: Update the WordPress Countdown Block plugin to the latest available version at least 1.1.2...