CVE-2025-1625

Name of the Vulnerable Software and Affected Versions: Qi Blocks WordPress plugin versions prior to 1.4

Description: The issue concerns a Stored Cross-Site Scripting attack. It is caused by the plugin not validating and escaping some of its Counter block options before outputting them back in a page or post where the block is embedded. This could allow users with the contributor role and above to perform such attacks.

Recommendations: For versions prior to 1.4, update to version 1.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Counter block options to minimize the risk of exploitation.