CVE-2025-1626 – Qi Blocks WordPress Stored Cross-Site Scripting (XSS)

May 19, 2025

CVE ID : CVE-2025-1626

Published : May 19, 2025, 6:15 a.m. | 45 minutes ago

Description : The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Countdown block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-1627 – Qi Blocks WordPress Stored Cross-Site Scripting Vulnerability

Next Article CVE-2025-1625 – Qi Blocks WordPress Stored Cross-Site Scripting Vulnerability

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

Full-Stack Techies vs Toptal: Which Is Better for React.js Outsourcing?

The AI productivity paradox in software engineering: Balancing efficiency and human skill retention

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

Microsoft reportedly lacks the know-how to fully leverage OpenAI’s tech — despite holding IP rights

PHP 8.5.0 Alpha 1 available for testing

PHP 8.5.0 Alpha 1 available for testing

Recording cross browser compatible media

Celebrating Perficient’s Third Databricks Champion

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

CVE-2025-1626 – Qi Blocks WordPress Stored Cross-Site Scripting (XSS)

CVE-2025-5372 – OpenSSL SSH Key Derivation Buffer Initialization Vulnerability

CVE-2025-6944 – Uncode Core WordPress Stored Cross-Site Scripting

Meta AI Proposes Multi-Token Attention (MTA): A New Attention Method which Allows LLMs to Condition their Attention Weights on Multiple Query and Key Vectors

CVE-2025-47733 – Microsoft Power Apps SSRF Vulnerability

A new era of cyber threats is approaching for the energy sector

File Shredder permanently deletes files

Those Blinking LEDs on Your Raspberry Pi Have Special Meanings

Do Reasoning Models Really Need Transformers?: Researchers from TogetherAI, Cornell, Geneva, and Princeton Introduce M1—A Hybrid Mamba-Based AI that Matches SOTA Performance at 3x Inference Speed

Fix Vibrant Visuals Greyed Out in Minecraft Bedrock

CVE-2025-47658 – ELEX WordPress HelpDesk & Customer Ticketing System Unrestricted File Upload RCE

CVE-2025-1626 – Qi Blocks WordPress Stored Cross-Site Scripting (XSS)

Related Posts