cleantalk
Vulnerabilities and Security Researches

Kubio AI Page Builder, CVE-2025-8487

CVE, Research URL

CVE-2025-8487

Home page URL

Security reports for Kubio AI Page Builder

Application

Kubio AI Page Builder

Published on
Sep 19, 2025
Research Description
The Kubio AI Page Builder plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the kubio-image-hub-install-plugin AJAX action in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the Image Hub plugin.
Affected versions
max 2.6.5.
Status
vulnerable
Previous vulnerability researches
Flexible Blogtitle (CVE-2025-23846) , Jan 24, 2025
New vulnerability
Smart Docs (CVE-2025-9333) , Apr 25, 2026
WPKoi Templates for Elementor (CVE-2025-57999) , Apr 25, 2026
HT Mega – Absolute Addons For Elementor (CVE-2026-4106) , Apr 25, 2026
Verowa Connect (CVE-2025-58257) , Apr 25, 2026
Image Editor by Pixo (CVE-2025-58232) , Apr 25, 2026