qodeinteractive 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は vendor risk file inclusion、vendor risk cross-site scripting, and パス処理の欠陥 に関連することが多く、vendor surface software deployment and vendor surface production workloads の文脈で ファイル上書き and vendor impact unauthorized access などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-1626 | The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Countdown block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | [email protected] | 5.4 | 0.20% | 2025-05-19 | 2026-06-17 |
| CVE-2025-1625 | The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Counter block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | [email protected] | 5.4 | 0.26% | 2025-05-19 | 2026-06-17 |
| CVE-2024-13699 | The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘cursor’ parameter in all versions up to, and including, 1.8.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in versions 1.8.5, 1.8.6, and 1.8.7. | [email protected] | 6.4 | 0.36% | 2025-02-04 | 2026-06-17 |
| CVE-2024-50457 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Qode Essential Addons qode-essential-addons.This issue affects Qode Essential Addons: from n/a through <= 1.6.3. | [email protected] | 7.5 | 0.54% | 2024-10-28 | 2026-06-17 |
| CVE-2024-49690 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Qi Blocks qi-blocks.This issue affects Qi Blocks: from n/a through <= 1.3.2. | [email protected] | 7.5 | 0.54% | 2024-10-23 | 2026-06-17 |
| CVE-2024-9530 | The Qi Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.0 via private templates. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the contents of templates that are private. | [email protected] | 4.3 | 0.39% | 2024-10-23 | 2026-06-17 |
| CVE-2024-38712 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Qode Qi Blocks qi-blocks.This issue affects Qi Blocks: from n/a through <= 1.3. | [email protected] | 6.5 | 0.26% | 2024-07-20 | 2026-06-17 |
| CVE-2024-4887 | The Qi Addons For Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the qi_addons_for_elementor_blog_list shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achi | [email protected] | 7.5 | 0.63% | 2024-06-07 | 2026-06-17 |
| CVE-2024-5221 | The Qi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | [email protected] | 6.4 | 0.25% | 2024-06-06 | 2026-06-17 |
| CVE-2024-4364 | The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button widgets in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | [email protected] | 6.4 | 0.33% | 2024-06-06 | 2026-06-17 |
| CVE-2023-47679 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QODE Interactive Qi Addons For Elementor allows PHP Local File Inclusion.This issue affects Qi Addons For Elementor: from n/a through 1.6.3. | [email protected] | 6.4 | 0.50% | 2024-05-17 | 2026-06-17 |
| CVE-2024-3309 | The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Widget's attributes in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | [email protected] | 6.4 | 0.32% | 2024-04-27 | 2026-06-17 |
| CVE-2024-0826 | The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | [email protected] | 6.4 | 0.61% | 2024-04-09 | 2026-06-17 |
| CVE-2023-47840 | Improper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.5.2. | [email protected] | 9.9 | 1.41% | 2023-12-29 | 2026-06-17 |
| CVE-2023-47680 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Qode Interactive Qi Addons For Elementor plugin <= 1.6.3 versions. | [email protected] | 6.5 | 0.41% | 2023-11-13 | 2026-06-17 |
| CVE-2023-40333 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Qode Interactive Bridge Core plugin <= 3.0.9 versions. | [email protected] | 7.1 | 0.32% | 2023-09-27 | 2026-06-17 |
| CVE-2017-13138 | DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript. | [email protected] | 6.1 | 1.19% | 2017-08-23 | 2026-06-16 |