Lucene search
K

83 matches found

NVD
NVD
added 2026/07/01 8:16 a.m.9 views

CVE-2026-10096

The Qi Blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.4.9 via the 'pageid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with author-level access and above, t...

4.3CVSS0.00196EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/01 7:53 a.m.41 views

CVE-2026-10096 Qi Blocks <= 1.4.9 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Style Modification via 'page_id' Parameter

The Qi Blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.4.9 via the 'pageid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with author-level access and above, t...

4.3CVSS0.00196EPSS
Exploits0References5
CVE
CVE
added 2026/07/01 7:53 a.m.14 views

CVE-2026-10096

The Qi Blocks WordPress plugin is vulnerable to Insecure Direct Object Reference in all versions up to and including 1.4.9 via the page_id parameter. Authenticated users with author-level access can modify stored Qi Blocks styles on arbitrary posts, templates, or widgets, including site-wide surf...

4.3CVSS5.9AI score0.00196EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/01 7:53 a.m.8 views

EUVD-2026-40936

The Qi Blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.4.9 via the 'pageid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with author-level access and above, t...

4.3CVSS5.9AI score0.00196EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/06/30 7:7 p.m.6 views

WordPress Qi Blocks plugin <= 1.4.9 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Style Modification vulnerability

Insecure Direct Object Reference to Authenticated Author+ Arbitrary Style Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Qi Blocks versions = 1.4.9...

4.3CVSS5.8AI score0.00196EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/07 9:54 a.m.16 views

CVE-2025-1627

The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.9AI score0.00203EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.10 views

WordPress Qi Blocks plugin < 1.4 - Contributor+ Stored XSS via ToC Block vulnerability

Contributor+ Stored XSS via ToC Block vulnerability discovered by Krugov Artyom in WordPress Plugin Qi Blocks versions 1.4...

5.4CVSS5.9AI score0.00203EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.11 views

WordPress Qi Blocks plugin < 1.4 - Contributor+ Stored XSS vi Countdown Block vulnerability

Contributor+ Stored XSS vi Countdown Block vulnerability discovered by Krugov Artyom in WordPress Plugin Qi Blocks versions 1.4...

5.4CVSS5.9AI score0.00203EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2025/11/18 12:0 a.m.2 views

WordPress Qi Blocks plugin cross-site scripting vulnerability

WordPress Qi Blocks plugin is a WordPress block plugin developed by QodeInteractive, providing 48 free blocks and 33 premium blocks 81 in total, covering categories such as typography, infographics, form styles, content display, etc., and supporting highly customizable and flexible website buildi...

6.5CVSS6.1AI score0.00155EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/16 3:50 a.m.25 views

CVE-2025-12182

The Qi Blocks plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the resizeimagecallback function in all versions up to, and including, 1.4.3. This is due to the plugin not properly verifying that a user has permission to resize a specific attachment...

4.3CVSS5.4AI score0.00214EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/15 6:30 a.m.6 views

EUVD-2025-197683

The Qi Blocks plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the resizeimagecallback function in all versions up to, and including, 1.4.3. This is due to the plugin not properly verifying that a user has permission to resize a specific attachment...

4.3CVSS5AI score0.00214EPSS
Exploits0References4
NVD
NVD
added 2025/11/15 4:15 a.m.5 views

CVE-2025-12182

The Qi Blocks plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the resizeimagecallback function in all versions up to, and including, 1.4.3. This is due to the plugin not properly verifying that a user has permission to resize a specific attachment...

4.3CVSS0.00214EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/15 3:27 a.m.4 views

CVE-2025-12182 Qi Blocks <= 1.4.3 - Missing Authorization to Arbitrary Attachment Resize

The Qi Blocks plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the resizeimagecallback function in all versions up to, and including, 1.4.3. This is due to the plugin not properly verifying that a user has permission to resize a specific attachment...

4.3CVSS5AI score0.00214EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/15 3:27 a.m.11 views

CVE-2025-12182 Qi Blocks <= 1.4.3 - Missing Authorization to Arbitrary Attachment Resize

The Qi Blocks plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the resizeimagecallback function in all versions up to, and including, 1.4.3. This is due to the plugin not properly verifying that a user has permission to resize a specific attachment...

4.3CVSS0.00214EPSS
Exploits0References3
CVE
CVE
added 2025/11/15 3:27 a.m.18 views

CVE-2025-12182

The CVE-2025-12182 entry concerns Qi Blocks for WordPress (versions

4.3CVSS5AI score0.00214EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/15 12:0 a.m.4 views

PT-2025-47039

Name of the Vulnerable Software and Affected Versions Qi Blocks versions prior to 1.4.4 Description The Qi Blocks plugin for WordPress has a flaw that allows unauthorized access due to a missing capability check on the resize image callback function. This occurs because the plugin does not verify...

4.3CVSS6.3AI score0.00214EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/11/15 12:0 a.m.7 views

WordPress plugin Qi Blocks 访问控制错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. An Access...

4.3CVSS6.4AI score0.00214EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/11/14 11:7 p.m.8 views

WordPress Qi Blocks plugin <= 1.4.3 - Missing Authorization to Arbitrary Attachment Resize vulnerability

Missing Authorization to Arbitrary Attachment Resize vulnerability discovered by Adrian Lukita in WordPress Plugin Qi Blocks versions = 1.4.3...

4.3CVSS6.8AI score0.00214EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/14 10:11 a.m.11 views

CVE-2025-64383

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Qode Qi Blocks qi-blocks allows Stored XSS.This issue affects Qi Blocks: from n/a through = 1.4.3...

6.5CVSS6AI score0.00155EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/13 12:31 p.m.7 views

EUVD-2025-163765

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Qode Qi Blocks qi-blocks allows Stored XSS.This issue affects Qi Blocks: from n/a through = 1.4.3...

6.5CVSS5.5AI score0.00155EPSS
Exploits0References2
Rows per page
Query Builder