Stored Cross-site Scripting Vulnerability in Qi Blocks by Qode
CVE-2025-64383

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Qi Blocks
Vendor: CVE Published:; 13 November 2025

What is CVE-2025-64383?

The improper handling of user input in Qode's Qi Blocks plugin can lead to Stored Cross-site Scripting (XSS) attacks. This vulnerability allows attackers to inject malicious scripts that can be stored on the server and executed in users' browsers when they visit affected pages. As a result, unauthorized users may gain access to sensitive information or perform actions on behalf of the affected user.

Affected Version(s)

Qi Blocks <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/qi-b...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 13, 2025
Vulnerability Reserved
Oct 31, 2025

Credit

Denver Jackson | Patchstack Bug Bounty Program

JSON