432 matches found
CVE-2025-12180
The Qi Blocks plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.4.3. This is due to the plugin storing arbitrary CSS styles submitted via the qi-blocks/v1/update-styles REST API endpoint without proper sanitization in the updateglobalstylescallbac...
CVE-2025-12180
CVE-2025-12180 – Qi Blocks (WordPress) | Normal mode Affected software: Qi Blocks plugin for WordPress (versions up to 1.4.3). Root cause: Missing authorization due to improper sanitization in the qi-blocks/v1/update-styles REST endpoint, handled in update_global_styles_callback(). Impact: Authenti...
CVE-2025-12180 Qi Blocks <= 1.4.3 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Update
The Qi Blocks plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.4.3. This is due to the plugin storing arbitrary CSS styles submitted via the qi-blocks/v1/update-styles REST API endpoint without proper sanitization in the updateglobalstylescallbac...
WordPress plugin Qi Blocks security vulnerability
WordPress Qi Blocks plugin is a WordPress plugin developed by QodeInteractive, providing 81 customized Gutenberg blocks including 48 free modules and 33 premium modules, supporting WooCommerce, SEO and other 9 categories of functionality, creating complex layouts and integrating 550+ templates. A...
PT-2025-44713
Name of the Vulnerable Software and Affected Versions: Qi Blocks plugin for WordPress versions up to and including 1.4.3. Description: The Qi Blocks plugin for WordPress is susceptible to a missing authorization issue. The plugin stores arbitrary CSS styles submitted through the...
CVE-2025-62793
Summary: CVE-2025-62793 affects eLabFTW, an open-source electronic lab notebook. The root cause is that the application served uploaded SVG files inline, allowing SVGs with active content to execute scripts when viewed. This enables stored XSS under the application origin, potentially leading to ...
CVE-2025-62793 eLabFTW HTML / CSS Injection via Malicious SVG Upload Leads to Credential Theft / Clickjacking
eLabFTW is an open source electronic lab notebook for research labs. The application served uploaded SVG files inline. Because SVG supports active content, an attacker could upload a crafted SVG that executes script when viewed, resulting in stored XSS under the application origin. A victim who...
EUVD-2019-7056
Malware in sbrugna...
EUVD-2020-0584
Malware in sbrugna...
EUVD-2011-0073
Malware in sbrugna...
EUVD-2019-5133
Malware in sbrugna...
EUVD-2005-2402
Malware in sbrugna...
EUVD-2010-1668
Malware in sbrugna...
EUVD-2011-0187
Malware in sbrugna...
EUVD-2016-9824
Malware in sbrugna...
EUVD-2018-4372
Malware in sbrugna...
EUVD-2018-3517
Malware in sbrugna...
EUVD-2022-6446
Malicious code in bioql PyPI...
EUVD-2025-10043
Malicious code in bioql PyPI...
EUVD-2024-49402
Malicious code in bioql PyPI...