137 matches found
WordPress CubeWP plugin <= 1.1.27 - Unauthenticated Information Exposure vulnerability
Unauthenticated Information Exposure vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin CubeWP versions = 1.1.27...
WordPress CubeWP plugin <= 1.1.27 - Unauthenticated Post Disclosure in class-cubewp-search-ajax-hooks.php vulnerability
Unauthenticated Post Disclosure in class-cubewp-search-ajax-hooks.php vulnerability discovered by stealthcopter in WordPress Plugin CubeWP versions = 1.1.27...
WordPress CubeWP plugin <= 1.1.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via cubewp_shortcode_taxonomy Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via cubewpshortcodetaxonomy Shortcode vulnerability discovered by zaim in WordPress Plugin CubeWP versions = 1.1.26...
WordPress Plugin CubeWP - All-in-One Dynamic Content Framework Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin CubeWP - All-in-One...
CVE-2025-6461
The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on which posts can be included. This makes it...
CVE-2025-6461
The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on which posts can be included. This makes it...
CVE-2025-6461
CVE-2025-6461 affects the CubeWP Framework (WordPress) and is due to Information Exposure via the search functionality in class-cubewp-search-ajax-hooks.php. It applies to all versions up to and including 1.1.27, enabling unauthenticated attackers to retrieve data from password-protected, private...
CVE-2025-6461
The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on which posts can be included. This makes it...
EUVD-2026-4642
The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on which posts can be included. This makes it...
CVE-2025-6461 CubeWP – All-in-One Dynamic Content Framework <= 1.1.27 - Unauthenticated Post Disclosure in class-cubewp-search-ajax-hooks.php
The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on which posts can be included. This makes it...
PT-2026-4645
The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on which posts can be included. This makes it...
WordPress plugin CubeWP – All-in-One Dynamic Content Framework 信息泄露漏洞
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin CubeWP - All-in-One...
CVE-2025-8615
The CubeWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cubewpshortcodetaxonomy shortcode in all versions up to, and including, 1.1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-12129
The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the /cubewp-posts/v1/query-new and /cubewp-posts/v1/query REST API endpoints due to insufficient restrictions on which posts can be include...
CVE-2025-8615
The CubeWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cubewpshortcodetaxonomy shortcode in all versions up to, and including, 1.1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-8615
CVE-2025-8615 affects the CubeWP Framework (WordPress) and is a Stored Cross‑Site Scripting via the cubewp_shortcode_taxonomy shortcode in all versions up to and including 1.1.26. The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, enabling authe...
CVE-2025-8615 CubeWP <= 1.1.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via cubewp_shortcode_taxonomy Shortcode
The CubeWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cubewpshortcodetaxonomy shortcode in all versions up to, and including, 1.1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
EUVD-2026-3142
The CubeWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cubewpshortcodetaxonomy shortcode in all versions up to, and including, 1.1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-8615 CubeWP <= 1.1.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via cubewp_shortcode_taxonomy Shortcode
The CubeWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cubewpshortcodetaxonomy shortcode in all versions up to, and including, 1.1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-8615
The CubeWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cubewpshortcodetaxonomy shortcode in all versions up to, and including, 1.1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...