CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
The CubeWP - All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.23. This is due to the plugin allowing a user to update arbitrary user meta through the update_user_meta() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.
Analysis
CubeWP - All-in-One Dynamic Content Framework plugin for WordPress versions up to 1.1.23 contains a privilege escalation vulnerability that allows authenticated attackers with Subscriber-level access to elevate their privileges to administrator through arbitrary user meta manipulation. The vulnerability exploits improper access controls on the update_user_meta() function, enabling account takeover and full site compromise. No active exploitation in the wild has been confirmed at this time, but the low attack complexity and high impact make this a critical remediation priority.
Technical Context
The vulnerability exists in the CubeWP WordPress plugin (CPE: wp:cubewp) and stems from CWE-269 (Improper Access Control) in the handling of user metadata updates. The plugin fails to properly validate and restrict which user meta fields can be modified and who can modify them. Specifically, the update_user_meta() function, which is a legitimate WordPress API for modifying user profile metadata, is exposed through the plugin's interface without adequate authorization checks. An authenticated user can craft requests to modify sensitive meta fields (such as wp_capabilities or wp_user_level) that determine WordPress role and capability assignments. This allows direct escalation from Subscriber to Administrator role without triggering standard WordPress capability validation. The root cause is inadequate privilege context checking before processing user metadata modifications—the plugin assumes all authenticated users have consistent permission levels for all meta operations.
Affected Products
CubeWP – All-in-One Dynamic Content Framework (1.0.0 through 1.1.23, inclusive)
Remediation
Upgrade: Upgrade the CubeWP plugin to version 1.1.24 or later when available; priority: Critical; timeline: Immediate
Immediate Mitigation: Disable user registration on WordPress sites running CubeWP <= 1.1.23 to eliminate the primary attack vector (Subscriber role creation); priority: High; timeline: Immediate
Access Control: Restrict plugin access to trusted administrators only; disable the plugin if it is not actively in use; priority: High; timeline: Immediate
Monitoring: Audit the WordPress user meta table (wp_usermeta) for unexpected capability changes; monitor error logs for update_user_meta() calls from untrusted users; priority: Medium; timeline: Immediate
Contingency: Maintain a current list of WordPress admin users and compare it against database records; prepare for potential account takeover incidents; priority: Medium; timeline: Immediate
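As an added example (not code from this advisory or from the CubeWP plugin), the following Python script implements the Monitoring and Contingency steps above: it reads wp_usermeta rows, decodes the PHP-serialized wp_capabilities value and the wp_user_level value, and flags any user holding administrator-level meta who is not on the site's known admin list. The sample rows, the known admin list and the `wp_` table prefix are constructed assumptions for this example.

```python
import re

# Constructed sample rows in the shape of wp_usermeta (user_id, meta_key, meta_value).
# Illustrative only, not data from any real site.
SAMPLE_USERMETA = [
    (1,  "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    (1,  "wp_user_level",   "10"),
    (7,  "wp_capabilities", 'a:1:{s:10:"subscriber";b:1;}'),
    (7,  "wp_user_level",   "0"),
    # A subscriber whose capabilities meta now also grants administrator.
    (9,  "wp_capabilities", 'a:2:{s:10:"subscriber";b:1;s:13:"administrator";b:1;}'),
    (9,  "wp_user_level",   "10"),
    # Capabilities unchanged, but wp_user_level raised to the admin level.
    (12, "wp_capabilities", 'a:1:{s:10:"subscriber";b:1;}'),
    (12, "wp_user_level",   "10"),
]

# Admin user IDs the site owner expects (constructed for this example).
KNOWN_ADMINS = {1}

# WordPress stores roles as a PHP-serialized array such as
# a:1:{s:13:"administrator";b:1;}; this pattern picks out roles set to true.
ROLE_RE = re.compile(r's:\d+:"([^"]+)";b:1;')

def roles_from_capabilities(serialized: str) -> set[str]:
    """Return the role names granted in a serialized wp_capabilities value."""
    return set(ROLE_RE.findall(serialized))

def find_unexpected_admins(rows, known_admins, prefix="wp_"):
    """Flag users with admin-level meta who are not on the known-admin list."""
    # Meta keys are <prefix>capabilities and <prefix>user_level; sites with a
    # custom table prefix pass it in via `prefix`.
    caps, levels = {}, {}
    for user_id, key, value in rows:
        if key == prefix + "capabilities":
            caps[user_id] = roles_from_capabilities(value)
        elif key == prefix + "user_level":
            levels[user_id] = int(value)
    findings = []
    for user_id in sorted(set(caps) | set(levels)):
        is_admin_role = "administrator" in caps.get(user_id, set())
        if is_admin_role and user_id not in known_admins:
            findings.append((user_id, "administrator role not in known admin list"))
        # Level 10 without the administrator role is inconsistent and worth review.
        if levels.get(user_id, 0) >= 10 and not is_admin_role:
            findings.append((user_id, f"{prefix}user_level at admin level (10) but capabilities lack administrator"))
    return findings

if __name__ == "__main__":
    for user_id, reason in find_unexpected_admins(SAMPLE_USERMETA, KNOWN_ADMINS):
        print(f"user {user_id}: {reason}")
```

On a live site the rows would come from `SELECT user_id, meta_key, meta_value FROM wp_usermeta WHERE meta_key IN ('wp_capabilities', 'wp_user_level')`, with the prefix adjusted to match wp-config.php.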
EUVD-2025-18093