CVE-2025-8487

The Kubio AI Page Builder plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the kubio-image-hub-install-plugin AJAX action in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with Subscriber-lev...

CVE-2025-8487 Kubio AI Page Builder <= 2.6.3 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation

The Kubio AI Page Builder plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the kubio-image-hub-install-plugin AJAX action in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with Subscriber-lev...

CVE-2025-8487

CVE-2025-8487 affects Kubio AI Page Builder for WordPress up to version 2.6.3. The vulnerability is caused by a missing capability check on the kubio-image-hub-install-plugin AJAX action, enabling authenticated users with Subscriber-level access and above to install the Image Hub plugin. Exploita...

PT-2025-38508

Name of the Vulnerable Software and Affected Versions Kubio AI Page Builder plugin for WordPress versions up to and including 2.6.3 Description The Kubio AI Page Builder plugin for WordPress is susceptible to unauthorized plugin installation due to a missing capability check on the...