CVE-2025-1625 – Qi Blocks WordPress Stored Cross-Site Scripting Vulnerability

May 19, 2025

CVE ID : CVE-2025-1625

Published : May 19, 2025, 6:15 a.m. | 45 minutes ago

Description : The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Counter block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-1626 – Qi Blocks WordPress Stored Cross-Site Scripting (XSS)

Next Article CVE-2025-4912 – SourceCodester Student Result Management System Image File Handler Remote Path Traversal Vulnerability

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

Full-Stack Techies vs Toptal: Which Is Better for React.js Outsourcing?

The AI productivity paradox in software engineering: Balancing efficiency and human skill retention

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

Microsoft reportedly lacks the know-how to fully leverage OpenAI’s tech — despite holding IP rights

PHP 8.5.0 Alpha 1 available for testing

PHP 8.5.0 Alpha 1 available for testing

Recording cross browser compatible media

Celebrating Perficient’s Third Databricks Champion

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

CVE-2025-1625 – Qi Blocks WordPress Stored Cross-Site Scripting Vulnerability

CVE-2025-5372 – OpenSSL SSH Key Derivation Buffer Initialization Vulnerability

CVE-2025-6944 – Uncode Core WordPress Stored Cross-Site Scripting

Intel’s former CEO speaks out — “I wanted to finish what I started”

Amazon’s Starlink challenger set for launch – here’s when you’ll be able to use it

CVE-2025-24916 – Tenable Network Monitor Local Privilege Escalation

CVE-2025-48471 – FreeScout Apache Remote Code Execution Vulnerability

Qualcomm waarschuwt voor misbruik van GPU-lekken in Androidtelefoons

Xbox and PC’s best L4D alternative has a new class gameplay video for you

CVE-2025-6697 – LabRedesCefetRJ WeGIA Cross Site Scripting Vulnerability

One of the best gaming chairs we’ve given a 5-star rating to is now available to purchase in the UK

CVE-2025-1625 – Qi Blocks WordPress Stored Cross-Site Scripting Vulnerability

Related Posts