cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-0376,https://securityvulnerability.io/vulnerability/CVE-2023-0376,Qubely < 1.8.5 - Contributor+ Stored XSS,"The Qubely WordPress plugin fails to properly validate and escape specific block options before rendering them in a page or post. This oversight presents a vulnerability that could enable users with contributor roles or higher to execute Stored Cross-Site Scripting (XSS) attacks. By exploiting this weakness, an attacker may insert malicious scripts into the pages, posing significant security risks to users who engage with the affected content.",Wordpress,Qubely,5.4,MEDIUM,0.0005200000014156103,false,,false,false,true,true,false,false,2024-01-16T15:55:51.086Z,0
CVE-2021-24916,https://securityvulnerability.io/vulnerability/CVE-2021-24916,Qubely < 1.8.6 - Unauthenticated Arbitrary E-mail Sending,"The Qubely WordPress plugin, prior to version 1.8.6, exhibits an email sending vulnerability that enables unauthenticated users to exploit the qubely_send_form_data AJAX action. This flaw allows attackers to send arbitrary emails to any desired address, potentially leading to spam or phishing attacks. Users of the plugin are advised to upgrade to the latest version to mitigate this risk.",Wordpress,Qubely,7.5,HIGH,0.001290000043809414,false,,false,false,false,,false,false,2023-08-07T14:31:23.983Z,0
CVE-2021-25013,https://securityvulnerability.io/vulnerability/CVE-2021-25013,Qubely < 1.7.8 - Subscriber+ Arbitrary Post Deletion,"The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the qubely_delete_saved_block AJAX action, and does not ensure that the block to be deleted belong to the plugin, as a result, any authenticated users, such as subscriber can delete arbitrary posts",Wordpress,Qubely – Advanced Gutenberg Blocks,6.5,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-01-24T08:01:08.000Z,0