Vulnerabilities and security researches forcubewp-framework cubewp-framework
Direction: ascendingJun 07, 2024
CubeWP – All-in-One Dynamic Content Framework # CVE-2024-30500
- CVE, Research URL
- Date
- Mar 29, 2024
- Research Description
- Unrestricted Upload of File with Dangerous Type vulnerability in CubeWP CubeWP – All-in-One Dynamic Content Framework.This issue affects CubeWP – All-in-One Dynamic Content Framework: from n/a through 1.1.12.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Oct 12, 2024
CubeWP – All-in-One Dynamic Content Framework # CVE-2024-48039
- CVE, Research URL
- Date
- Nov 01, 2024
- Research Description
- Missing Authorization vulnerability in CubeWP CubeWP – All-in-One Dynamic Content Framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CubeWP – All-in-One Dynamic Content Framework: from n/a through 1.1.15.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jun 15, 2025
CubeWP – All-in-One Dynamic Content Framework # CVE-2025-4315
- CVE, Research URL
- Date
- Jun 11, 2025
- Research Description
- The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.23. This is due to the plugin allowing a user to update arbitrary user meta through the update_user_meta() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
CubeWP – All-in-One Dynamic Content Framework # CVE-2025-30994
- CVE, Research URL
- Date
- Jun 06, 2025
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in Emraan Cheema CubeWP – All-in-One Dynamic Content Framework allows Cross Site Request Forgery. This issue affects CubeWP – All-in-One Dynamic Content Framework: from n/a through 1.1.23.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable