4 matches found
CVE-2025-1626
The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Countdown block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2025-1626
creationtimestamp| type| source ---|---|--- 2025-05-19 06:38:54+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/16809...
CVE-2025-1626
The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Countdown block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2025-1626 Qi Blocks < 1.4 - Contributor+ Stored XSS vi Countdown Block
The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Countdown block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...