83 matches found
CVE-2026-10096
The Qi Blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.4.9 via the 'pageid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with author-level access and above, t...
CVE-2026-10096 Qi Blocks <= 1.4.9 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Style Modification via 'page_id' Parameter
The Qi Blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.4.9 via the 'pageid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with author-level access and above, t...
CVE-2026-10096
The Qi Blocks WordPress plugin is vulnerable to Insecure Direct Object Reference in all versions up to and including 1.4.9 via the page_id parameter. Authenticated users with author-level access can modify stored Qi Blocks styles on arbitrary posts, templates, or widgets, including site-wide surf...
EUVD-2026-40936
The Qi Blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.4.9 via the 'pageid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with author-level access and above, t...
WordPress Qi Blocks plugin <= 1.4.9 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Style Modification vulnerability
Insecure Direct Object Reference to Authenticated Author+ Arbitrary Style Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Qi Blocks versions = 1.4.9...
CVE-2025-1627
The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress Qi Blocks plugin < 1.4 - Contributor+ Stored XSS via ToC Block vulnerability
Contributor+ Stored XSS via ToC Block vulnerability discovered by Krugov Artyom in WordPress Plugin Qi Blocks versions 1.4...
WordPress Qi Blocks plugin < 1.4 - Contributor+ Stored XSS vi Countdown Block vulnerability
Contributor+ Stored XSS vi Countdown Block vulnerability discovered by Krugov Artyom in WordPress Plugin Qi Blocks versions 1.4...
WordPress Qi Blocks plugin cross-site scripting vulnerability
WordPress Qi Blocks plugin is a WordPress block plugin developed by QodeInteractive, providing 48 free blocks and 33 premium blocks 81 in total, covering categories such as typography, infographics, form styles, content display, etc., and supporting highly customizable and flexible website buildi...
CVE-2025-12182
The Qi Blocks plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the resizeimagecallback function in all versions up to, and including, 1.4.3. This is due to the plugin not properly verifying that a user has permission to resize a specific attachment...
EUVD-2025-197683
The Qi Blocks plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the resizeimagecallback function in all versions up to, and including, 1.4.3. This is due to the plugin not properly verifying that a user has permission to resize a specific attachment...
CVE-2025-12182
The Qi Blocks plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the resizeimagecallback function in all versions up to, and including, 1.4.3. This is due to the plugin not properly verifying that a user has permission to resize a specific attachment...
CVE-2025-12182 Qi Blocks <= 1.4.3 - Missing Authorization to Arbitrary Attachment Resize
The Qi Blocks plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the resizeimagecallback function in all versions up to, and including, 1.4.3. This is due to the plugin not properly verifying that a user has permission to resize a specific attachment...
CVE-2025-12182 Qi Blocks <= 1.4.3 - Missing Authorization to Arbitrary Attachment Resize
The Qi Blocks plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the resizeimagecallback function in all versions up to, and including, 1.4.3. This is due to the plugin not properly verifying that a user has permission to resize a specific attachment...
CVE-2025-12182
The CVE-2025-12182 entry concerns Qi Blocks for WordPress (versions
PT-2025-47039
Name of the Vulnerable Software and Affected Versions Qi Blocks versions prior to 1.4.4 Description The Qi Blocks plugin for WordPress has a flaw that allows unauthorized access due to a missing capability check on the resize image callback function. This occurs because the plugin does not verify...
WordPress plugin Qi Blocks 访问控制错误漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. An Access...
WordPress Qi Blocks plugin <= 1.4.3 - Missing Authorization to Arbitrary Attachment Resize vulnerability
Missing Authorization to Arbitrary Attachment Resize vulnerability discovered by Adrian Lukita in WordPress Plugin Qi Blocks versions = 1.4.3...
CVE-2025-64383
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Qode Qi Blocks qi-blocks allows Stored XSS.This issue affects Qi Blocks: from n/a through = 1.4.3...
EUVD-2025-163765
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Qode Qi Blocks qi-blocks allows Stored XSS.This issue affects Qi Blocks: from n/a through = 1.4.3...