cleantalk
Vulnerabilities and Security Researches

Kubio AI Page Builder, CVE-2025-2294

CVE, Research URL

CVE-2025-2294

Home page URL

Security reports for Kubio AI Page Builder

Application

Kubio AI Page Builder

Published on
Mar 28, 2025
Research Description
The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thekubio_hybrid_theme_load_template function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
Affected versions
Min -, max 2.5.2.
Status
vulnerable
Previous vulnerability researches
Kubio AI Page Builder (CVE-2024-13516) , Jan 19, 2025
Kubio AI Page Builder (CVE-2024-39661) , Aug 04, 2024
Kubio AI Page Builder (CVE-2025-2294) , Apr 02, 2025
New vulnerability
isMobile() Shortcode for WordPress (CVE-2025-6488) , Jul 03, 2025
All-in-One Addons for Elementor – WidgetKit (CVE-2025-2330) , Jul 03, 2025
My Wp Brand – Hide menu & Hide Plugin (CVE-2025-53269) , Jul 03, 2025
MobiLoud – WordPress Mobile Apps – Convert your WordPress Website to Native Mobile Apps (CVE-2025-52813) , Jul 03, 2025
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2025-6463) , Jul 03, 2025