Qi Blocks Security & Risk Analysis

wordpress.org/plugins/qi-blocks

Qi Blocks is the largest collection of Gutenberg blocks developed by Qode Interactive.

60K active installs · v1.4.8 · PHP 7.4+ · WP 5.8+ · Updated Jan 29, 2026
Tags: blocks, gutenberg-block, gutenberg-templates, patterns, wireframes

Score: 92 · A · Safe
CVEs total: 9
Unpatched: 0
Last CVE: Nov 14, 2025

Safety Verdict

Is Qi Blocks Safe to Use in 2026?

Generally Safe

Score 92/100

Qi Blocks has a strong security track record. Known vulnerabilities have been patched promptly.

9 known CVEs · Last CVE: Nov 14, 2025 · Updated 2mo ago

Risk Assessment

Qi Blocks v1.4.8 has a mixed security posture. On the positive side, static analysis shows a relatively small attack surface: there are only two AJAX handlers, and neither was found to lack an authentication check. The code also follows good practice, using prepared statements for most SQL queries (89%) and escaping most output (89%). The 14 capability checks and 2 nonce checks indicate an effort to secure specific functionality.

The main concern is the plugin's vulnerability history: 9 CVEs in total, one high severity and eight medium severity. Common patterns in these past issues include Improper Access Control, Missing Authorization, Cross-site Scripting, and PHP Remote File Inclusion, which suggests recurring weaknesses in input validation and authorization logic that have historically been exploited. There are currently no unpatched vulnerabilities, but the volume and nature of past issues, together with the presence of file operations and external HTTP requests (both of which can become exploitation vectors if not handled carefully), present a notable risk.

Key Concerns

  • Significant past vulnerability history
  • Multiple medium and high severity past CVEs
  • History of XSS and RFI vulnerabilities
  • File operations present in code
  • External HTTP requests present in code
  • Some SQL queries not using prepared statements
  • Some output not properly escaped
Vulnerabilities
9

Qi Blocks Security Vulnerabilities

CVEs by Year

2024: 3 CVEs
2025: 6 CVEs

Severity Breakdown

High: 1
Medium: 8

9 total CVEs

CVE-2025-12182 · medium · 4.3 · Improper Access Control

Qi Blocks <= 1.4.3 - Missing Authorization to Arbitrary Attachment Resize

Nov 14, 2025 · Patched in 1.4.4 (1d)

CVE-2025-12180 · medium · 4.3 · Missing Authorization

Qi Blocks <= 1.4.3 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Update

Oct 31, 2025 · Patched in 1.4.4 (1d)

CVE-2025-64383 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Qi Blocks <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Aug 11, 2025 · Patched in 1.4.4 (99d)

CVE-2025-1626 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Qi Blocks <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Block

Apr 28, 2025 · Patched in 1.4 (26d)

CVE-2025-1625 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Qi Blocks <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Counter Block

Apr 28, 2025 · Patched in 1.4 (26d)

CVE-2025-1627 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Qi Blocks <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ToC Block

Apr 28, 2025 · Patched in 1.4 (26d)

CVE-2024-49690 · high · 8.8 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Qi Blocks <= 1.3.2 - Authenticated (Contributor+) Local File Inclusion

Oct 21, 2024 · Patched in 1.3.3 (10d)

CVE-2024-38712 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Qi Blocks <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jul 11, 2024 · Patched in 1.3.1 (7d)

CVE-2024-5221 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Qi Blocks <= 1.2.9 - Authenticated (Author+) Stored Cross-Site Scripting

Jun 5, 2024 · Patched in 1.3.0 (1d)

Code Analysis
Analyzed Mar 16, 2026

Qi Blocks Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (8 prepared)
Unescaped Output: 36 (287 escaped)
Nonce Checks: 2
Capability Checks: 14
File Operations: 9
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

89% prepared · 9 total queries

Output Escaping

89% escaped · 323 total outputs

Attack Surface

Qi Blocks Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers: 2

auth · wp_ajax_qi_blocks_action_setup_wizard_save_options · inc\admin\admin-pages\sub-pages\setup-wizard\class-qi-blocks-admin-page-setup-wizard.php:36
auth · wp_ajax_qi_blocks_action_widget_save_options · inc\admin\admin-pages\sub-pages\widgets\class-qi-blocks-admin-page-widgets.php:31

WordPress Hooks: 66

action · init · class-qi-blocks.php:37
filter · body_class · class-qi-blocks.php:40
filter · upload_mimes · class-qi-blocks.php:43
filter · wp_handle_upload_prefilter · class-qi-blocks.php:44
filter · wp_check_filetype_and_ext · class-qi-blocks.php:45
action · wp_enqueue_scripts · class-qi-blocks.php:48
action · wp_enqueue_scripts · class-qi-blocks.php:49
action · init · class-qi-blocks.php:52
action · enqueue_block_editor_assets · class-qi-blocks.php:55
action · enqueue_block_editor_assets · class-qi-blocks.php:56
filter · qi_blocks_filter_block_style_dependency · class-qi-blocks.php:59
action · after_setup_theme · class-qi-blocks.php:62
filter · block_categories_all · helpers\helper.php:30
filter · block_categories · helpers\helper.php:32
filter · qi_blocks_filter_main_editor_dependencies · helpers\helper.php:1876
filter · plugin_row_meta · inc\admin\admin-pages\class-qi-blocks-admin-general-page.php:26
action · init · inc\admin\admin-pages\class-qi-blocks-admin-general-page.php:29
action · admin_menu · inc\admin\admin-pages\class-qi-blocks-admin-general-page.php:30
action · admin_init · inc\admin\admin-pages\class-qi-blocks-admin-general-page.php:32
action · admin_init · inc\admin\admin-pages\class-qi-blocks-admin-general-page.php:33
filter · admin_footer_text · inc\admin\admin-pages\class-qi-blocks-admin-general-page.php:35
filter · admin_body_class · inc\admin\admin-pages\class-qi-blocks-admin-general-page.php:37
action · admin_enqueue_scripts · inc\admin\admin-pages\class-qi-blocks-admin-general-page.php:220
action · admin_enqueue_scripts · inc\admin\admin-pages\class-qi-blocks-admin-general-page.php:221
filter · qi_blocks_filter_add_sub_page · inc\admin\admin-pages\sub-pages\setup-wizard\class-qi-blocks-admin-page-setup-wizard.php:22
action · in_admin_header · inc\admin\admin-pages\sub-pages\setup-wizard\class-qi-blocks-admin-page-setup-wizard.php:31
filter · admin_body_class · inc\admin\admin-pages\sub-pages\setup-wizard\class-qi-blocks-admin-page-setup-wizard.php:32
action · admin_enqueue_scripts · inc\admin\admin-pages\sub-pages\setup-wizard\class-qi-blocks-admin-page-setup-wizard.php:34
filter · qi_blocks_filter_add_sub_page · inc\admin\admin-pages\sub-pages\welcome\class-qi-blocks-admin-page-welcome.php:22
action · qi_blocks_action_additional_scripts · inc\admin\admin-pages\sub-pages\welcome\class-qi-blocks-admin-page-welcome.php:31
filter · qi_blocks_filter_add_sub_page · inc\admin\admin-pages\sub-pages\widgets\class-qi-blocks-admin-page-widgets.php:22
filter · qi_blocks_filter_localize_main_editor_js · inc\admin\fonts\class-qi-blocks-fonts.php:18
action · init · inc\admin\global-settings\typography\class-qi-blocks-global-settings-typography.php:14
action · wp_enqueue_scripts · inc\admin\global-settings\typography\class-qi-blocks-global-settings-typography.php:17
action · enqueue_block_editor_assets · inc\admin\global-settings\typography\class-qi-blocks-global-settings-typography.php:20
action · init · inc\admin\global-styles\class-qi-blocks-framework-global-styles.php:14
filter · qi_blocks_filter_rest_api_routes · inc\admin\global-styles\class-qi-blocks-framework-global-styles.php:17
filter · qi_blocks_filter_localize_main_editor_js · inc\admin\global-styles\class-qi-blocks-framework-global-styles.php:20
action · wp_enqueue_scripts · inc\admin\global-styles\class-qi-blocks-framework-global-styles.php:24
action · enqueue_block_editor_assets · inc\admin\global-styles\class-qi-blocks-framework-global-styles.php:27
action · init · inc\blocks\class-qi-blocks-blocks.php:56
filter · should_load_separate_core_block_assets · inc\blocks\class-qi-blocks-blocks.php:59
action · wp_enqueue_scripts · inc\blocks\class-qi-blocks-blocks.php:62
action · enqueue_block_editor_assets · inc\blocks\class-qi-blocks-blocks.php:63
filter · wpcf7_autop_or_not · inc\blocks\contact-form-7\class-qi-blocks-contact-form-7-block.php:2345
filter · qi_blocks_filter_localize_main_editor_js · inc\blocks\helper.php:324
filter · qi_blocks_filter_rest_api_routes · inc\blog\class-qi-blocks-blog-rest-api.php:14
filter · qi_blocks_filter_rest_api_routes · inc\comments\class-qi-blocks-comments-rest-api.php:13
filter · qi_blocks_filter_rest_api_routes · inc\contact-form-7\class-qi-blocks-contact-form-7-rest-api.php:13
action · plugins_loaded · inc\deprecated\helper.php:23
action · qi_blocks_action_additional_3rd_party_scripts · inc\masonry\helper.php:19
action · init · inc\media\class-qi-blocks-media.php:14
action · init · inc\media\class-qi-blocks-media.php:17
filter · qi_blocks_filter_rest_api_routes · inc\media\class-qi-blocks-media.php:20
filter · theme_page_templates · inc\page-templates\class-qi-blocks-page-templates.php:17
action · admin_init · inc\page-templates\class-qi-blocks-page-templates.php:20
filter · template_include · inc\page-templates\class-qi-blocks-page-templates.php:23
filter · wp_insert_post_data · inc\page-templates\class-qi-blocks-page-templates.php:26
filter · qi_blocks_filter_localize_main_editor_js · inc\rest\class-qi-blocks-rest-api.php:21
action · rest_api_init · inc\rest\class-qi-blocks-rest-api.php:24
action · qi_blocks_action_additional_3rd_party_scripts · inc\slider\helper.php:21
filter · qi_blocks_filter_block_style_dependency · inc\slider\helper.php:42
filter · qi_blocks_filter_rest_api_routes · inc\woocommerce\class-qi-blocks-woocommerce-rest-api.php:14
filter · qi_blocks_filter_page_inline_style_page_id · inc\woocommerce\class-qi-blocks-woocommerce-rest-api.php:17
filter · qi_blocks_filter_localize_main_js · inc\woocommerce\class-qi-blocks-woocommerce-rest-api.php:20
filter · body_class · inc\woocommerce\class-qi-blocks-woocommerce-rest-api.php:23

Maintenance & Trust

Qi Blocks Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 29, 2026
PHP min version: 7.4
Downloads: 794K

Community Trust

Rating: 100/100
Number of ratings: 5
Active installs: 60K

Developer Profile

Qi Blocks Developer Profile

Qode

12 plugins · 321K total installs

Trust score: 87
Avg Security Score: 98/100
Avg Patch Time: 47 days

Detection Fingerprints

How We Detect Qi Blocks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/qi-blocks/css/plugins/animate/animate.min.css
  • /wp-content/plugins/qi-blocks/js/plugins/fslightbox/fslightbox.min.js
  • /wp-content/plugins/qi-blocks/dist/grid.css
  • /wp-content/plugins/qi-blocks/dist/main.css
  • /wp-content/plugins/qi-blocks/dist/main.js
  • /wp-content/plugins/qi-blocks/dist/grid-editor.css
  • /wp-content/plugins/qi-blocks/dist/main-editor.css
  • /wp-content/plugins/qi-blocks/dist/main-editor.js

Script Paths

  • /wp-content/plugins/qi-blocks/js/plugins/fslightbox/fslightbox.min.js
  • /wp-content/plugins/qi-blocks/dist/main.js
  • /wp-content/plugins/qi-blocks/dist/main-editor.js

Version Parameters

  • qi-blocks/dist/grid.css?ver=
  • qi-blocks/dist/main.css?ver=
  • qi-blocks/dist/main.js?ver=
  • qi-blocks/dist/grid-editor.css?ver=
  • qi-blocks/dist/main-editor.css?ver=
  • qi-blocks/dist/main-editor.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • qi-blocks-1.4.8
  • qodef-gutenberg--touch
  • qodef-gutenberg--no-touch

JS Globals

  • QI_BLOCKS_VERSION
  • QI_BLOCKS_ABS_PATH
  • QI_BLOCKS_INC_PATH
  • QI_BLOCKS_REL_PATH
  • QI_BLOCKS_ASSETS_URL_PATH