WP-Safety

Qubely – Advanced Gutenberg Blocks Security & Risk Analysis

wordpress.org/plugins/qubely

Readymade gutenberg blocks and sections with rich customization options. Enhance Gutenberg editor with easy UI and functional blocks.

9K active installs v1.8.14 PHP 7.0+ WP 5.3+ Updated Mar 10, 2025
blockblockseditorgutenberggutenberg-blocks
46
D · High Risk
CVEs total9
Unpatched2
Last CVESep 22, 2025
Plugin page Download
Safety Verdict

Is Qubely – Advanced Gutenberg Blocks Safe to Use in 2026?

High Risk

Score 46/100

Qubely – Advanced Gutenberg Blocks carries significant security risk with 9 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.

9 known CVEs 2 unpatched Last CVE: Sep 22, 2025Updated 1yr ago
Risk Assessment

The Qubely plugin version 1.8.14 exhibits a mixed security posture. While it demonstrates good practices in areas like SQL query preparation and output escaping, significant concerns arise from its attack surface, particularly its unprotected entry points. The plugin exposes 10 out of 13 total entry points (AJAX handlers and REST API routes) without proper authentication or permission checks, creating a substantial risk for unauthorized access and potential malicious actions. The taint analysis found no critical or high severity unsanitized flows, which is a positive indicator, but the lack of authorization checks on so many entry points can allow attackers to reach vulnerable code paths that might not be apparent in static analysis alone.

The plugin's vulnerability history is deeply concerning, with 9 known medium severity CVEs, two of which remain unpatched. The recurring nature of vulnerabilities, including Missing Authorization and Cross-site Scripting, coupled with the recent discovery of flaws in late 2025, suggests a pattern of security weaknesses that the development team has struggled to consistently address. The presence of unpatched vulnerabilities, even at a medium severity, poses an immediate risk to users. While the plugin has strengths in certain secure coding practices, the high number of unprotected entry points and the persistent vulnerability history present a significant security risk that warrants careful consideration and prompt patching.

Key Concerns

  • Unpatched CVEs
  • High number of unprotected AJAX handlers
  • High number of unprotected REST API routes
  • Recurring vulnerability types (Missing Auth, XSS)
Vulnerabilities
9

Qubely – Advanced Gutenberg Blocks Security Vulnerabilities

CVEs by Year

1 CVE in 2021
2021
2 CVEs in 2022
2022
2 CVEs in 2023
2023
4 CVEs in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
9

9 total CVEs

CVE-2025-58663medium · 5.4Missing Authorization

Qubely <= 1.8.14 - Missing Authorization

Sep 22, 2025Unpatched
CVE-2025-58249medium · 4.3Exposure of Sensitive Information to an Unauthorized Actor

Qubely <= 1.8.14 - Authenticated (Contributor+) Sensitive Information Exposure

Sep 22, 2025Unpatched
CVE-2024-13228medium · 4.3Exposure of Private Personal Information to an Unauthorized Actor

Qubely – Advanced Gutenberg Blocks <= 1.8.13 - Authenticated (Contributor+) Sensitive Information Exposure via qubely_get_content

Mar 10, 2025 Patched in 1.8.14 (1d)
CVE-2024-9601medium · 6.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Qubely – Advanced Gutenberg Blocks <= 1.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'align' and 'UniqueID'

Feb 13, 2025 Patched in 1.8.13 (5d)
CVE-2021-24916medium · 5.3Incorrect Authorization

Qubely – Advanced Gutenberg Blocks <= 1.8.5 - Insufficient Authorization

Jul 17, 2023 Patched in 1.8.6 (326d)
CVE-2023-0376medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Quebely <= 1.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'className' Block Option

Feb 6, 2023 Patched in 1.8.5 (351d)
WF-86f3c549-2cdd-4294-bc62-0892e94ddbb7-qubelymedium · 5.4Incorrect Authorization

Qubely <= 1.7.9 - Incorrect Authorization

Jun 14, 2022 Patched in 1.8.1 (588d)
WF-7681a661-21bd-42fb-ac97-1da808435520-qubelymedium · 5.4Missing Authorization

Qubely <= 1.7.8 - Missing Authorization

Jun 6, 2022 Patched in 1.7.9 (596d)
CVE-2021-25013medium · 5.4Missing Authorization

Qubely <= 1.7.7 - Missing Authorization to Arbitrary Post Deletion

Dec 27, 2021 Patched in 1.7.8 (757d)
Code Analysis
Analyzed Mar 16, 2026

Qubely – Advanced Gutenberg Blocks Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
3
123 escaped
Nonce Checks
3
Capability Checks
12
File Operations
16
External Requests
1
Bundled Libraries
0

Output Escaping

98% escaped126 total outputs
Data Flows
All sanitized

Data Flow Analysis

3 flows
ajax_update_qubely_options (core\admin-views\Settings.php:58)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
10 unprotected

Qubely – Advanced Gutenberg Blocks Attack Surface

Entry Points13
Unprotected10

AJAX Handlers 5

authwp_ajax_update_qubely_optionscore\admin-views\Settings.php:15
authwp_ajax_qubely_send_form_datacore\QUBELY.php:57
noprivwp_ajax_qubely_send_form_datacore\QUBELY.php:58
authwp_ajax_qubely_add_to_cartcore\QUBELY.php:60
noprivwp_ajax_qubely_add_to_cartcore\QUBELY.php:61

REST API Routes 8

GET/wp-json/qubely/v1/global_settings/core\QUBELY.php:920
GET/wp-json/qubely/v1/get_saved_preset/core\QUBELY.php:942
GET/wp-json/qubely/v1/save_block_css/core\QUBELY.php:957
GET/wp-json/qubely/v1/qubely_get_content/core\QUBELY.php:972
GET/wp-json/qubely/v1/append_qubely_css/core\QUBELY.php:987
GET/wp-json/qubely/v1/append_reusable_css/core\QUBELY.php:1001
GET/wp-json/qubely/v1/get_qubely_optionscore\QUBELY.php:1016
GET/wp-json/qubely/v1/add_qubely_optionscore\QUBELY.php:1031
WordPress Hooks 29
actionadmin_initcore\admin-views\Settings.php:14
actioninitcore\blocks\postgrid.php:1543
actioninitcore\Options.php:16
actionadmin_menucore\Options.php:17
actionenqueue_block_editor_assetscore\QUBELY.php:26
actionadmin_enqueue_scriptscore\QUBELY.php:29
filterblock_categories_allcore\QUBELY.php:33
filterblock_categoriescore\QUBELY.php:35
actionwp_enqueue_scriptscore\QUBELY.php:39
actionwp_enqueue_scriptscore\QUBELY.php:41
actionadmin_headcore\QUBELY.php:44
actionwp_footercore\QUBELY.php:45
actionrest_api_initcore\QUBELY.php:54
actiondelete_postcore\QUBELY.php:55
actioninitcore\QUBELY.php:64
filteradmin_body_classcore\QUBELY.php:67
filterbody_classcore\QUBELY.php:68
actionwp_enqueue_scriptscore\QUBELY.php:71
actionadmin_enqueue_scriptscore\QUBELY.php:72
actionqubely_active_theme_presetcore\QUBELY.php:74
actionwp_enqueue_scriptscore\QUBELY.php:1439
actionwp_headcore\QUBELY.php:1441
filtertemplate_includecore\Template.php:14
actioninitqubely.php:20
actionadmin_noticesqubely.php:55
actionadmin_noticesqubely.php:57
actionrest_api_initqubely.php:215
actioninitqubely.php:228
actionafter_setup_themequbely.php:236
Maintenance & Trust

Qubely – Advanced Gutenberg Blocks Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedMar 10, 2025
PHP min version7.0
Downloads520K

Community Trust

Rating80/100
Number of ratings66
Active installs9K
Alternatives

Qubely – Advanced Gutenberg Blocks Alternatives

Spectra Gutenberg Blocks – Website Builder for the Block Editor

Spectra Gutenberg Blocks – Website Builder for the Block Editor

ultimate-addons-for-gutenberg

A
92

Power-up Gutenberg with advanced blocks for faster website creation. Build your WordPress website effortlessly using powerful building blocks!

1.0M 26 CVEs
Kadence Blocks — Page Builder Toolkit for Gutenberg Editor

Kadence Blocks — Page Builder Toolkit for Gutenberg Editor

kadence-blocks

A
86

20+ AI-powered Gutenberg Blocks with endless options, enabling top-notch efficiency for high-performance dynamic website creation.

600K 31 CVEs
Page Builder: Pagelayer – Drag and Drop website builder

Page Builder: Pagelayer – Drag and Drop website builder

pagelayer

A
88

The most advanced frontend drag & drop page builder. Pagelayer is a light weight but extremely powerful Website Builder.

400K 25 CVEs
Superb Addons: Blocks, Patterns & Theme Designer for the Block Editor & FSE

Superb Addons: Blocks, Patterns & Theme Designer for the Block Editor & FSE

superb-blocks

A
100

Create beautiful WordPress websites easily with 10+ blocks, 200+ patterns, 100+ pre-built pages, animations and Theme Designer. No coding needed!

80K No CVEs
GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor

GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor

gutenkit-blocks-addon

A
93

GutenKit – Ultimate no-code Gutenberg blocks to design stunning web pages and visually stunning posts in WordPress block editor.

70K 3 CVEs
Developer Profile

Qubely – Advanced Gutenberg Blocks Developer Profile

Themeum

14 plugins · 675K total installs

70
trust score
Avg Security Score
87/100
Avg Patch Time
269 days
View full developer profile
Detection Fingerprints

How We Detect Qubely – Advanced Gutenberg Blocks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/qubely/assets/css/qubely-styles.css/wp-content/plugins/qubely/assets/css/qubely-editor-styles.css/wp-content/plugins/qubely/assets/js/qubely-block.js/wp-content/plugins/qubely/assets/js/qubely-editor.js/wp-content/plugins/qubely/assets/js/qubely-backend.js
Script Paths
/wp-content/plugins/qubely/assets/js/qubely-block.js/wp-content/plugins/qubely/assets/js/qubely-editor.js
Version Parameters
qubely/assets/css/qubely-styles.css?ver=qubely/assets/css/qubely-editor-styles.css?ver=qubely/assets/js/qubely-block.js?ver=qubely/assets/js/qubely-editor.js?ver=qubely/assets/js/qubely-backend.js?ver=

HTML / DOM Fingerprints

CSS Classes
qubely-editor-block
HTML Comments
<!-- Qubely Block Start --><!-- Qubely Block End -->
Data Attributes
data-qubely-block
JS Globals
qubely_block_dataqubely_localize
REST Endpoints
/wp-json/qubely
FAQ

Frequently Asked Questions about Qubely – Advanced Gutenberg Blocks