Vulnerabilities > Themeum > Qubely > 1.8.4

DATE CVE VULNERABILITY TITLE RISK
2025-02-14 CVE-2024-9601 Cross-site Scripting vulnerability in Themeum Qubely
The Qubely – Advanced Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ and 'UniqueID' parameter in all versions up to, and including, 1.8.12 due to insufficient input sanitization and output escaping.
network
low complexity
themeum CWE-79
5.4
5.4
2024-01-16 CVE-2023-0376 Cross-site Scripting vulnerability in Themeum Qubely
The Qubely WordPress plugin before 1.8.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
network
low complexity
themeum CWE-79
5.4
5.4
2023-08-07 CVE-2021-24916 Unspecified vulnerability in Themeum Qubely
The Qubely WordPress plugin before 1.8.6 allows unauthenticated user to send arbitrary e-mails to arbitrary addresses via the qubely_send_form_data AJAX action.
network
low complexity
themeum
7.5
7.5