cleantalk
Vulnerabilities and Security Researches

CubeWP – All-in-One Dynamic Content Framework, CVE-2025-30994

CVE, Research URL

CVE-2025-30994

Home page URL

Security reports for CubeWP – All-in-One Dynamic Content Framework

Application

CubeWP – All-in-One Dynamic Content Framework

Published on
Jun 06, 2025
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in Emraan Cheema CubeWP – All-in-One Dynamic Content Framework allows Cross Site Request Forgery. This issue affects CubeWP – All-in-One Dynamic Content Framework: from n/a through 1.1.23.
Affected versions
Min -, max 1.1.24.
Status
vulnerable
Previous vulnerability researches
Envo's Elementor Templates & Widgets for WooCommerce (CVE-2024-43292) , Aug 20, 2024
Envo's Elementor Templates & Widgets for WooCommerce (CVE-2024-0766) , Jun 10, 2024
Envo's Elementor Templates & Widgets for WooCommerce (CVE-2024-35167) , Jun 10, 2024
Envo's Elementor Templates & Widgets for WooCommerce (CVE-2024-50447) , Oct 27, 2024
Envo's Elementor Templates & Widgets for WooCommerce (CVE-2024-0768) , Jun 10, 2024
New vulnerability
All-in-One Addons for Elementor – WidgetKit (CVE-2025-49074) , Jun 15, 2025
ElementInvader Addons for Elementor (CVE-2025-48288) , Jun 15, 2025
Falang multilanguage for WordPress (CVE-2025-48285) , Jun 15, 2025
Social Sharing Plugin – Sassy Social Share (CVE-2025-5528) , Jun 15, 2025
PSW – Login and registration (CVE-2025-4607) , Jun 15, 2025