cleantalk
Vulnerabilities and Security Researches

CubeWP – All-in-One Dynamic Content Framework, CVE-2025-68036

CVE, Research URL

CVE-2025-68036

Home page URL

Security reports for CubeWP – All-in-One Dynamic Content Framework

Application

CubeWP – All-in-One Dynamic Content Framework

Published on
Dec 30, 2025
Research Description
Missing Authorization vulnerability in Emraan Cheema CubeWP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CubeWP: from n/a through 1.1.27.
Affected versions
max 1.1.27.
Status
vulnerable
Previous vulnerability researches
CubeWP – All-in-One Dynamic Content Framework (CVE-2024-48039) , Oct 12, 2024
CubeWP – All-in-One Dynamic Content Framework (CVE-2025-4315) , Jun 15, 2025
CubeWP – All-in-One Dynamic Content Framework (CVE-2025-30994) , Jun 15, 2025
CubeWP – All-in-One Dynamic Content Framework (CVE-2025-6461) , Apr 15, 2026
CubeWP – All-in-One Dynamic Content Framework (CVE-2025-68036) , Jan 10, 2026
New vulnerability
WP Google Ad Manager Plugin (CVE-2026-1399) , Apr 15, 2026
WP Social Meta (CVE-2026-2498) , Apr 15, 2026
Allow HTML in Category Descriptions (CVE-2026-0693) , Apr 15, 2026
Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display G (CVE-2026-1916) , Apr 15, 2026
s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscription (CVE-2026-1994) , Apr 15, 2026