Skip to main content

Cubewp

2 CVEs product

Monthly

CVE-2025-4315 HIGH PATCH This Week

CubeWP - All-in-One Dynamic Content Framework plugin for WordPress versions up to 1.1.23 contains a privilege escalation vulnerability that allows authenticated attackers with Subscriber-level access to elevate their privileges to administrator through arbitrary user meta manipulation. The vulnerability exploits improper access controls on the update_user_meta() function, enabling account takeover and full site compromise. No active exploitation in the wild has been confirmed at this time, but the low attack complexity and high impact make this a critical remediation priority.

WordPress Privilege Escalation PHP Cubewp
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-30500 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in CubeWP CubeWP - All-in-One Dynamic Content Framework.1.12. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Cubewp
NVD
CVSS 3.1
9.9
EPSS
0.8%
EPSS 0% CVSS 8.8
HIGH PATCH This Week

CubeWP - All-in-One Dynamic Content Framework plugin for WordPress versions up to 1.1.23 contains a privilege escalation vulnerability that allows authenticated attackers with Subscriber-level access to elevate their privileges to administrator through arbitrary user meta manipulation. The vulnerability exploits improper access controls on the update_user_meta() function, enabling account takeover and full site compromise. No active exploitation in the wild has been confirmed at this time, but the low attack complexity and high impact make this a critical remediation priority.

WordPress Privilege Escalation PHP +1
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in CubeWP CubeWP - All-in-One Dynamic Content Framework.1.12. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Cubewp
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy