Qubely – Advanced Gutenberg Blocks

Vulnerabilities 15Slug qubelyLatest version 1.8.14WordPress.org →

Minimum safe version

1.8.14

Update to 1.8.14 or later to address 12 fixable vulnerabilities

Latest available1.8.14 ✓⚠ 3 vulnerabilities have no fix

Medium 4.3 Unfixed

2025-09-22≤ 1.8.14

CVE-2025-58663

CVE Wordfence EUVD

Medium 4.3 Unfixed

2025-09-22≤ 1.8.14

CVE-2025-58249

CVE Wordfence EUVD

Medium 5.9 Unfixed

2026-04-08≤ 1.8.14

CVE-2026-39638

CVE EUVD Wordfence

Medium 4.3

2025-03-11< 1.8.14

CVE-2024-13228

CVE EUVD Wordfence

Medium 6.5

2025-02-14< 1.8.13

Qubely – Advanced Gutenberg Blocks <= 1.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'align' and 'UniqueID'

EUVD Wordfence CVE

Medium 6.5

2025-02-16< 1.8.13

CVE-2025-26767

CVE EUVD Patchstack Wordfence

Medium 5.4

2024-01-16< 1.8.5

CVE-2023-0376

CVE WPScan

High 7.5

2023-08-08< 1.8.6

WordPress Qubely – Advanced Gutenberg Blocks Plugin < 1.8.6 is vulnerable to Broken Access Control

Patchstack CVE Wordfence WPScan

N/A

< 1.8.1

Qubely < 1.8.1 - Authenticated Arbitrary Settings Update

WPScan

N/A

2023-02-07< 1.8.5

WordPress Qubely – Advanced Gutenberg Blocks Plugin <= 1.8.4 is vulnerable to Cross Site Scripting (XSS)

Patchstack

N/A

2023-02-06< 1.8.5

Quebely <= 1.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'className' Block Option

Wordfence

N/A

2022-06-06< 1.7.9

Qubely <= 1.7.8 - Missing Authorization

Wordfence

N/A

2022-06-14< 1.8.1

Qubely <= 1.7.9 - Incorrect Authorization

Wordfence

N/A

2022-06-06< 1.8.1

WordPress Qubely plugin <= 1.8.0 - Authenticated Arbitrary Settings Update vulnerability

Patchstack

Medium 6.5

2022-01-24< 1.7.8

CVE-2021-25013

CVE Wordfence Patchstack WPScan