CVE-2024-49690

CVE-2024-49690 is a Local File Inclusion vulnerability in WordPress Qi Blocks (Qi Blocks)

CVE-2024-5221

The CVE-2024-5221 entry concerns the Qi Blocks WordPress plugin. Public records here show a Stored XSS vulnerability in the plugin’s file uploader affecting all versions up to and including 1.2.9, caused by insufficient input sanitization and output escaping. Exploitation requires authentication ...

CVE-2024-38712

CVE-2024-38712 affects Qode Interactive Qi Blocks (WordPress) up to version 1.3. The issue is a Stored XSS caused by improper input neutralization during web page generation, allowing attacker-supplied script to be stored and later executed in users’ browsers. Exploitation details and patch/versi...

CVE-2025-1625

CVE-2025-1625 refers to a Stored Cross-Site Scripting (XSS) vulnerability in Qi Blocks WordPress plugin prior to version 1.4. The issue arises because some Counter block options are not validated or escaped before output in a page or post where the block is embedded. This could allow users with t...

CVE-2025-1626

CVE-2025-1626 : Qi Blocks WordPress plugin prior to 1.4 fails to validate/escape Countdown block options, enabling stored XSS for users with the contributor role or higher when the block is embedded in a page/post. Affected: Qi Blocks

CVE-2025-1627

Affected software: Qi Blocks WordPress plugin (versions prior to 1.4). Issue: The plugin does not validate and escape certain block options before output in a page/post where the ToC block is embedded, enabling Stored XSS for users with the contributor role and above. Impact (as stated): Stored C...