Qubely
Monthly
Stored cross-site scripting (XSS) in Themeum Qubely WordPress plugin version 1.8.14 and earlier allows authenticated high-privilege users to inject malicious scripts that execute in the browsers of other site visitors, compromising session integrity and enabling credential theft or malware distribution. The vulnerability requires administrator authentication and user interaction (UI:R), limiting immediate risk, but stored persistence means injected payloads remain active until remediated. EPSS exploitation probability is extremely low at 0.03%, suggesting minimal real-world targeting despite public disclosure.
Stored cross-site scripting (XSS) in Themeum Qubely WordPress plugin version 1.8.14 and earlier allows authenticated high-privilege users to inject malicious scripts that execute in the browsers of other site visitors, compromising session integrity and enabling credential theft or malware distribution. The vulnerability requires administrator authentication and user interaction (UI:R), limiting immediate risk, but stored persistence means injected payloads remain active until remediated. EPSS exploitation probability is extremely low at 0.03%, suggesting minimal real-world targeting despite public disclosure.