CVE-2025-10706

The Classified Pro theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'cwpaddonsupdateplugincb' function in all versions up to, and including, 1.0.14. This makes it possible for authenticated attackers, with subscriber-level access and...

CVE-2025-10706

The Classified Pro theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'cwpaddonsupdateplugincb' function in all versions up to, and including, 1.0.14. This makes it possible for authenticated attackers, with subscriber-level access and...

CVE-2025-10706 Classified Pro <= 1.0.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation

The Classified Pro theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'cwpaddonsupdateplugincb' function in all versions up to, and including, 1.0.14. This makes it possible for authenticated attackers, with subscriber-level access and...

CVE-2025-10706

CVE-2025-10706 pertains to the Classified Pro WordPress theme. Wordfence and CVE records confirm a missing capability check in cwp_addons_update_plugin_cb across all versions

EUVD-2025-34723

The Classified Pro theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'cwpaddonsupdateplugincb' function in all versions up to, and including, 1.0.14. This makes it possible for authenticated attackers, with subscriber-level access and...

EUVD-2025-28566

Malicious code in bioql PyPI...

EUVD-2025-19218

Malicious code in bioql PyPI...

CVE-2025-54735

Incorrect Privilege Assignment vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Privilege Escalation.This issue affects CubeWP: from n/a through = 1.1.24...

CVE-2025-54735

Incorrect Privilege Assignment vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Privilege Escalation.This issue affects CubeWP: from n/a through = 1.1.24...

CVE-2025-54735 WordPress CubeWP Framework Plugin <= 1.1.24 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in Emraan Cheema CubeWP Framework allows Privilege Escalation. This issue affects CubeWP Framework: from n/a through 1.1.24...

CVE-2025-54735 WordPress CubeWP Framework Plugin <= 1.1.24 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Privilege Escalation.This issue affects CubeWP: from n/a through = 1.1.24...

CVE-2025-54735

CVE-2025-54735 covers CubeWP Framework (WordPress CubeWP plugin) with an incorrect privilege assignment that allows Privilege Escalation for authenticated users (Subscriber+). Affected versions are CubeWP Framework from n/a through 1.1.24. The vulnerability has been publicly disclosed and is rate...

PT-2025-34023 · WordPress · Cubewp Framework

Name of the Vulnerable Software and Affected Versions: CubeWP Framework versions n/a through 1.1.24 Description: An incorrect privilege assignment issue exists in CubeWP Framework, allowing for privilege escalation. Recommendations: Update CubeWP Framework to a version later than 1.1.24...

WordPress plugin CubeWP Framework 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2025-49882

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Imran Tauqeer CubeWP cubewp-framework allows DOM-Based XSS.This issue affects CubeWP: from n/a through = 1.1.23...

CVE-2025-49882

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Imran Tauqeer CubeWP cubewp-framework allows DOM-Based XSS.This issue affects CubeWP: from n/a through = 1.1.23...

CVE-2025-49882 WordPress CubeWP Framework plugin <= 1.1.23 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Imran Tauqeer CubeWP cubewp-framework allows DOM-Based XSS.This issue affects CubeWP: from n/a through = 1.1.23...

CVE-2025-49882 WordPress CubeWP Framework plugin <= 1.1.23 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Imran Tauqeer CubeWP cubewp-framework allows DOM-Based XSS.This issue affects CubeWP: from n/a through = 1.1.23...

CVE-2025-49882

CVE-2025-49882 is a cross-site scripting vulnerability in the WordPress CubeWP Framework, identified as a DOM-based XSS due to improper input neutralization in web page generation. Affected software is CubeWP Framework versions up to and including 1.1.23. Public sources corroborate the issue with...

PT-2025-25736 · Unknown · Cubewp Framework

Name of the Vulnerable Software and Affected Versions: CubeWP Framework versions 1.1.23 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS in the CubeWP Framework...