Stored Cross-site Scripting Vulnerability in Qi Blocks by Qode
CVE-2025-64383

Currently unrated

Key Information:

Vendor

WordPress
Status
Qi Blocks
Vendor
CVE Published:
13 November 2025

What is CVE-2025-64383?

The improper handling of user input in Qode's Qi Blocks plugin can lead to Stored Cross-site Scripting (XSS) attacks. This vulnerability allows attackers to inject malicious scripts that can be stored on the server and executed in users' browsers when they visit affected pages. As a result, unauthorized users may gain access to sensitive information or perform actions on behalf of the affected user.

Affected Version(s)

Qi Blocks <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/qi-b...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Denver Jackson | Patchstack Bug Bounty Program
JSON
.
CVE-2025-64383 : Stored Cross-site Scripting Vulnerability in Qi Blocks by Qode