PT-2025-47039 · WordPress · Qi Blocks

Adrian Lukita · Published 2025-11-15 · Updated 2025-11-15 · CVE-2025-12182

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Qi Blocks versions prior to 1.4.4
Description: The Qi Blocks plugin for WordPress has a flaw that allows unauthorized access due to a missing capability check on the resize image callback() function. This occurs because the plugin does not verify whether a user has the necessary permission to resize a specific attachment. Authenticated attackers with Contributor-level access or higher can resize media library images belonging to other users. This can lead to unintended file writes, increased disk consumption, and server resource abuse through the processing of large images.
Recommendations: Update Qi Blocks to version 1.4.4 or later.
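The following is an added illustrative example and is not Qi Blocks' own code, nor code from this advisory's author. It shows the generic WordPress pattern the description refers to: a callback that resizes an attachment must check that the requesting user may edit that specific attachment, not merely that the user is logged in. It assumes the resize handler is an admin-ajax callback; the action name, nonce name, function names and the 4096-pixel limit are hypothetical.

```php
<?php
// Added example (not Qi Blocks' code). Assumed: the resize handler is a
// wp_ajax_* callback. All hook, action, nonce and function names are hypothetical.

// Vulnerable pattern (defined for comparison, deliberately NOT registered):
// any authenticated user can resize any attachment ID, because nothing ties the
// request to a capability on the target attachment and no nonce is checked.
function example_resize_image_callback_vulnerable() {
    $attachment_id = isset( $_POST['attachment_id'] ) ? absint( $_POST['attachment_id'] ) : 0;
    $width  = isset( $_POST['width'] )  ? absint( $_POST['width'] )  : 0;
    $height = isset( $_POST['height'] ) ? absint( $_POST['height'] ) : 0;

    $editor = wp_get_image_editor( get_attached_file( $attachment_id ) );
    if ( is_wp_error( $editor ) ) {
        wp_send_json_error( 'not an image' );
    }
    $editor->resize( $width, $height, true );
    $saved = $editor->save(); // writes a new file under wp-content/uploads
    wp_send_json_success( $saved );
}

// Hardened pattern: CSRF nonce, a capability check scoped to the attachment,
// an image-type check and bounded dimensions before any file is written.
function example_resize_image_callback_hardened() {
    // Rejects the request (HTTP 403) if the 'nonce' POST field is missing or invalid.
    check_ajax_referer( 'example_resize_image', 'nonce' );

    $attachment_id = isset( $_POST['attachment_id'] ) ? absint( $_POST['attachment_id'] ) : 0;
    $width  = isset( $_POST['width'] )  ? absint( $_POST['width'] )  : 0;
    $height = isset( $_POST['height'] ) ? absint( $_POST['height'] ) : 0;

    // Per-object capability: the 'edit_post' meta-capability on an attachment ID
    // resolves to "may this user edit this attachment" (its owner, or an
    // Editor/Administrator), so a Contributor cannot touch other users' media.
    if ( ! $attachment_id || ! current_user_can( 'edit_post', $attachment_id ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }
    if ( ! wp_attachment_is_image( $attachment_id ) ) {
        wp_send_json_error( 'attachment is not an image', 400 );
    }

    // Bound the output size to cap disk and CPU usage per request (limit is arbitrary).
    $max_dim = 4096;
    if ( $width < 1 || $height < 1 || $width > $max_dim || $height > $max_dim ) {
        wp_send_json_error( 'invalid dimensions', 400 );
    }

    $editor = wp_get_image_editor( get_attached_file( $attachment_id ) );
    if ( is_wp_error( $editor ) ) {
        wp_send_json_error( $editor->get_error_message(), 500 );
    }
    $editor->resize( $width, $height, true );
    $saved = $editor->save();
    if ( is_wp_error( $saved ) ) {
        wp_send_json_error( $saved->get_error_message(), 500 );
    }
    wp_send_json_success( $saved );
}
// Only the hardened handler is exposed; the action is available to logged-in users,
// which is why the per-attachment capability check inside it is what enforces access.
add_action( 'wp_ajax_example_resize_image', 'example_resize_image_callback_hardened' );
```

When reviewing a plugin for this class of bug, the question to ask of every `wp_ajax_*`, REST or admin-post handler that takes an object ID is whether the check is object-scoped (`current_user_can( 'edit_post', $id )`) rather than role-scoped or absent; `is_user_logged_in()` alone, as in the vulnerable variant, is what lets a Contributor act on attachments owned by others.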

Fix

Weakness Enumeration: Improper Access Control

Related Identifiers: CVE-2025-12182

Affected Products: Qi Blocks