CVE Details
Basic Information
| Title | CVE-2025-1627 |
| Type | cve |
| Published | 2025-05-19T06:15:18 |
| Last Seen | 2025-05-19T06:22:27 |
CVSS Information
| Base Score | 0.0 () |
| Attack Vector | |
| Attack Complexity | |
| Privileges Required | |
| User Interaction | |
| Scope | |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact | |
AI Analysis
| AI Description | The Qi Blocks WordPress plugin before version 1.4 is vulnerable to a stored cross-site scripting (XSS) attack. This vulnerability allows users with the contributor role or higher to inject malicious scripts into pages or posts that use the plugin’s blocks. The issue arises because the plugin does not properly validate and escape some of its block options before outputting them back in the content. This could lead to unauthorized actions or data theft if an attacker tricks an administrator into viewing a malicious post. |
| AI Severity | Medium |
| Vendor | WordPress Community |
| Product | Qi Blocks |
| Affected Version | <1.4 |
Additional Information
| CVE List | CVE-2025-1627 |
| CWE List | |
| Bulletin Family | cve |
Description
The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor…