CVE-2025-1627 – Qi Blocks WordPress Stored Cross-Site Scripting Vulnerability

May 19, 2025

CVE ID : CVE-2025-1627

Published : May 19, 2025, 6:15 a.m. | 45 minutes ago

Description : The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-2524 – Ninja Forms WordPress Stored Cross-Site Scripting Vulnerability

Next Article CVE-2025-1626 – Qi Blocks WordPress Stored Cross-Site Scripting (XSS)

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

Full-Stack Techies vs Toptal: Which Is Better for React.js Outsourcing?

The AI productivity paradox in software engineering: Balancing efficiency and human skill retention

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

Microsoft reportedly lacks the know-how to fully leverage OpenAI’s tech — despite holding IP rights

PHP 8.5.0 Alpha 1 available for testing

PHP 8.5.0 Alpha 1 available for testing

Recording cross browser compatible media

Celebrating Perficient’s Third Databricks Champion

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

CVE-2025-1627 – Qi Blocks WordPress Stored Cross-Site Scripting Vulnerability

CVE-2025-5372 – OpenSSL SSH Key Derivation Buffer Initialization Vulnerability

CVE-2025-6944 – Uncode Core WordPress Stored Cross-Site Scripting

Exploring the Sparse Frontier: How Researchers from Edinburgh, Cohere, and Meta Are Rethinking Attention Mechanisms for Long-Context LLMs

Adobe Releases Patch Fixing 254 Vulnerabilities, Closing High-Severity Security Gaps

Patching Vulnerabilities Faster Reduces Risks & Lower Cyber Risk Index

CSS Intelligence: Speculating On The Future Of A Smarter Language

NCSC Uncovers “UMBRELLA STAND” Malware: Stealthy Backdoor Targets Fortinet FortiGate Firewalls

7 types of web design, How to make?

How E.ON saves £10 million annually with AI diagnostics for smart meters powered by Amazon Textract

Ello privacy – what you need to know

CVE-2025-1627 – Qi Blocks WordPress Stored Cross-Site Scripting Vulnerability

Related Posts