Lucene search
K

6 matches found

CVE
CVE
added 2024/01/16 3:55 p.m.76 views

CVE-2023-0376

CVE-2023-0376 concerns the Qubely WordPress plugin. The vulnerability affects versions prior to 1.8.5 and arises because certain block options are not properly validated/escaped before being output in a page or post when a block is embedded. This can allow stored cross-site scripting (XSS) by use...

5.4CVSS5.3AI score0.00745EPSS
CVE
CVE
added 2025/03/11 7:5 a.m.63 views

CVE-2024-13228

CVE-2024-13228 affects the WordPress plugin “Qubely – Advanced Gutenberg Blocks” up to version 1.8.13. The issue is a Sensitive Information Exposure via the qubely_get_content function, allowing authenticated attackers with Contributor-level access or higher to extract sensitive post data (privat...

6.5CVSS6.7AI score0.00331EPSS
CVE
CVE
added 2025/02/16 10:17 p.m.63 views

CVE-2025-26767

CVE-2025-26767 affects WordPress plugin Qubely – Advanced Gutenberg Blocks (versions from n/a through 1.8.12). The issue is caused by improper neutralization of input during web page generation, enabling Stored XSS. Affected component: Qubely blocks code path that renders pages can store maliciou...

6.5CVSS5.9AI score0.00201EPSS
CVE
CVE
added 2025/02/14 6:40 a.m.55 views

CVE-2024-9601

CVE-2024-9601 (Qubely – Advanced Gutenberg Blocks, WordPress) is an authenticated Stored Cross-Site Scripting vulnerability in which the attacker, with Contributor-level access or higher, can inject arbitrary scripts via the align and UniqueID parameters. The issue affects all versions up to 1.8....

6.5CVSS7.4AI score0.003EPSS
CVE
CVE
added 2022/01/24 8:1 a.m.53 views

CVE-2021-25013

CVE-2021-25013 affects the WordPress plugin Qubely prior to version 1.7.8. The issue is missing authorization and CSRF checks on the qubely_delete_saved_block AJAX action and failure to verify that the block to be deleted belongs to the plugin, enabling any authenticated user (e.g., a subscriber)...

6.5CVSS6.4AI score0.00429EPSS
Web
CVE
CVE
added 2023/08/07 2:31 p.m.49 views

CVE-2021-24916

CVE-2021-24916 affects the Qubely WordPress plugin prior to 1.8.6. An unauthenticated attacker can use the qubely_send_form_data AJAX action to send arbitrary emails to arbitrary recipients. Root cause described as broken access control on the AJAX endpoint. CVSS v3.1 base score 7.5 HIGH (Network...

7.5CVSS7.6AI score0.01535EPSS
Web