6 matches found
CVE-2023-0376
CVE-2023-0376 concerns the Qubely WordPress plugin. The vulnerability affects versions prior to 1.8.5 and arises because certain block options are not properly validated/escaped before being output in a page or post when a block is embedded. This can allow stored cross-site scripting (XSS) by use...
CVE-2024-13228
CVE-2024-13228 affects the WordPress plugin “Qubely – Advanced Gutenberg Blocks” up to version 1.8.13. The issue is a Sensitive Information Exposure via the qubely_get_content function, allowing authenticated attackers with Contributor-level access or higher to extract sensitive post data (privat...
CVE-2025-26767
CVE-2025-26767 affects WordPress plugin Qubely – Advanced Gutenberg Blocks (versions from n/a through 1.8.12). The issue is caused by improper neutralization of input during web page generation, enabling Stored XSS. Affected component: Qubely blocks code path that renders pages can store maliciou...
CVE-2024-9601
CVE-2024-9601 (Qubely – Advanced Gutenberg Blocks, WordPress) is an authenticated Stored Cross-Site Scripting vulnerability in which the attacker, with Contributor-level access or higher, can inject arbitrary scripts via the align and UniqueID parameters. The issue affects all versions up to 1.8....
CVE-2021-25013
CVE-2021-25013 affects the WordPress plugin Qubely prior to version 1.7.8. The issue is missing authorization and CSRF checks on the qubely_delete_saved_block AJAX action and failure to verify that the block to be deleted belongs to the plugin, enabling any authenticated user (e.g., a subscriber)...
CVE-2021-24916
CVE-2021-24916 affects the Qubely WordPress plugin prior to 1.8.6. An unauthenticated attacker can use the qubely_send_form_data AJAX action to send arbitrary emails to arbitrary recipients. Root cause described as broken access control on the AJAX endpoint. CVSS v3.1 base score 7.5 HIGH (Network...