Every CVE whose affected-product data names Themeum Qubely, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2021-24916 — CVSS 7.5 (high): The Qubely WordPress plugin before 1.8.6 allows unauthenticated user to send arbitrary e-mails to arbitrary addresses via the…
CVE-2021-25013 — CVSS 6.5 (medium): The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the qubely_delete_saved_block AJAX action, and does…
CVE-2024-9601 — CVSS 6.5 (medium): The Qubely – Advanced Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ and…
CVE-2025-26767 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Qubely qubely allows Stored…
CVE-2023-0376 — CVSS 5.4 (medium): The Qubely WordPress plugin before 1.8.5 does not validate and escape some of its block options before outputting them back in a page/post…
CVE-2024-13228 — CVSS 4.3 (medium): The Qubely – Advanced Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and…