WordPress Plugin CubeWP - All-in-One Dynamic Content Framework Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin CubeWP - All-in-One...

CVE-2025-6461 CubeWP – All-in-One Dynamic Content Framework <= 1.1.27 - Unauthenticated Post Disclosure in class-cubewp-search-ajax-hooks.php

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on which posts can be included. This makes it...

CVE-2025-12129

CVE-2025-12129 affects the CubeWP – All-in-One Dynamic Content Framework WordPress plugin (versions up to and including 1.1.27). Unauthenticated attackers can exfiltrate data from password-protected, private, or draft posts via the REST endpoints /cubewp-posts/v1/query-new and /cubewp-posts/v1/qu...

EUVD-2025-17235

Malicious code in bioql PyPI...

EUVD-2024-28420

Malicious code in bioql PyPI...

CVE-2025-30994

Cross-Site Request Forgery CSRF vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Cross Site Request Forgery.This issue affects CubeWP: from n/a through = 1.1.29...

CVE-2025-30994

CubeWP – All-in-One Dynamic Content Framework (CubeWP) has CSRF vulnerability CVE-2025-30994 affecting releases up to 1.1.23. The connected documents do not specify a fixed version or remediation.

CVE-2024-48039

Missing Authorization vulnerability in CubeWP CubeWP – All-in-One Dynamic Content Framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CubeWP – All-in-One Dynamic Content Framework: from n/a through 1.1.15...

CubeWP – All-in-One Dynamic Content Framework < 1.1.13 - Authenticated (Subscriber+) Arbitrary File Upload

Description The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the cwpimportdatacallback function in all versions up to, and including, 1.1.12. This makes it possible for authenticated attackers, wi...

CVE-2024-30500 WordPress CubeWP plugin <= 1.1.12 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in CubeWP CubeWP – All-in-One Dynamic Content Framework.This issue affects CubeWP – All-in-One Dynamic Content Framework: from n/a through 1.1.12...

PT-2024-23427 · Cubewp · Cubewp

Name of the Vulnerable Software and Affected Versions: CubeWP – All-in-One Dynamic Content Framework versions 1.1.12 and earlier Description: The issue is related to an Unrestricted Upload of File with Dangerous Type, which affects the CubeWP – All-in-One Dynamic Content Framework. Recommendation...