CVE-2025-10706

The Classified Pro theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'cwpaddonsupdateplugincb' function in all versions up to, and including, 1.0.14. This makes it possible for authenticated attackers, with subscriber-level access and...

CVE-2025-10706

The Classified Pro theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'cwpaddonsupdateplugincb' function in all versions up to, and including, 1.0.14. This makes it possible for authenticated attackers, with subscriber-level access and...

CVE-2025-10706 Classified Pro <= 1.0.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation

The Classified Pro theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'cwpaddonsupdateplugincb' function in all versions up to, and including, 1.0.14. This makes it possible for authenticated attackers, with subscriber-level access and...

EUVD-2025-34723

The Classified Pro theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'cwpaddonsupdateplugincb' function in all versions up to, and including, 1.0.14. This makes it possible for authenticated attackers, with subscriber-level access and...

CVE-2025-10706

CVE-2025-10706 pertains to the Classified Pro WordPress theme. Wordfence and CVE records confirm a missing capability check in cwp_addons_update_plugin_cb across all versions

EUVD-2025-28566

Malicious code in bioql PyPI...

EUVD-2025-19218

Malicious code in bioql PyPI...

CVE-2025-54735

Incorrect Privilege Assignment vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Privilege Escalation.This issue affects CubeWP: from n/a through = 1.1.24...

CVE-2025-54735

Incorrect Privilege Assignment vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Privilege Escalation.This issue affects CubeWP: from n/a through = 1.1.24...

CVE-2025-54735 WordPress CubeWP Framework Plugin <= 1.1.24 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in Emraan Cheema CubeWP Framework allows Privilege Escalation. This issue affects CubeWP Framework: from n/a through 1.1.24...

CVE-2025-54735

CVE-2025-54735 covers CubeWP Framework (WordPress CubeWP plugin) with an incorrect privilege assignment that allows Privilege Escalation for authenticated users (Subscriber+). Affected versions are CubeWP Framework from n/a through 1.1.24. The vulnerability has been publicly disclosed and is rate...

CVE-2025-54735 WordPress CubeWP Framework Plugin <= 1.1.24 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Privilege Escalation.This issue affects CubeWP: from n/a through = 1.1.24...

WordPress plugin CubeWP Framework 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-34023 · WordPress · Cubewp Framework

Name of the Vulnerable Software and Affected Versions: CubeWP Framework versions n/a through 1.1.24 Description: An incorrect privilege assignment issue exists in CubeWP Framework, allowing for privilege escalation. Recommendations: Update CubeWP Framework to a version later than 1.1.24...

CVE-2025-49882

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Imran Tauqeer CubeWP cubewp-framework allows DOM-Based XSS.This issue affects CubeWP: from n/a through = 1.1.23...

CVE-2025-49882

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Imran Tauqeer CubeWP cubewp-framework allows DOM-Based XSS.This issue affects CubeWP: from n/a through = 1.1.23...

CVE-2025-49882 WordPress CubeWP Framework plugin <= 1.1.23 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Imran Tauqeer CubeWP cubewp-framework allows DOM-Based XSS.This issue affects CubeWP: from n/a through = 1.1.23...

CVE-2025-49882 WordPress CubeWP Framework plugin <= 1.1.23 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Imran Tauqeer CubeWP cubewp-framework allows DOM-Based XSS.This issue affects CubeWP: from n/a through = 1.1.23...

CVE-2025-49882

CVE-2025-49882 is a cross-site scripting vulnerability in the WordPress CubeWP Framework, identified as a DOM-based XSS due to improper input neutralization in web page generation. Affected software is CubeWP Framework versions up to and including 1.1.23. Public sources corroborate the issue with...

WordPress plugin CubeWP Framework 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...