cleantalk
Vulnerabilities and Security Researches

CubeWP – All-in-One Dynamic Content Framework, CVE-2025-54735

CVE, Research URL

CVE-2025-54735

Home page URL

Security reports for CubeWP – All-in-One Dynamic Content Framework

Application

CubeWP – All-in-One Dynamic Content Framework

Published on
Aug 20, 2025
Research Description
Incorrect Privilege Assignment vulnerability in Emraan Cheema CubeWP Framework allows Privilege Escalation. This issue affects CubeWP Framework: from n/a through 1.1.24.
Affected versions
Min -, max 1.1.25.
Status
vulnerable
Previous vulnerability researches
Jenga Payment Gateway for WooCommerce (CVE-2025-49432) , Aug 20, 2025
New vulnerability
Themify Builder (CVE-2025-49396) , Aug 23, 2025
NEX-Forms – Ultimate Form Builder – Contact forms and much more (CVE-2025-49399) , Aug 22, 2025
iFrame Block (CVE-2025-49411) , Aug 22, 2025
The Plus Blocks for Block Editor | Gutenberg (CVE-2025-8567) , Aug 22, 2025
WP Visitor Statistics (Real Time Traffic) (CVE-2025-49400) , Aug 22, 2025