3 matches found
CVE-2024-5221
The Qi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...
CVE-2024-5221
The CVE-2024-5221 entry concerns the Qi Blocks WordPress plugin. Public records here show a Stored XSS vulnerability in the plugin’s file uploader affecting all versions up to and including 1.2.9, caused by insufficient input sanitization and output escaping. Exploitation requires authentication ...
WordPress Qi Blocks Plugin <= 1.2.9 is vulnerable to Cross Site Scripting (XSS)
Software Qi Blocks Type Plugin Vulnerable versions = 1.2.9 Fixed in 1.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5221 Patch priority Low CVSS severity Low 5.9 Developer Qode Interactive PSID 7421a294030a Credits wesley wcraft Required...