WordPress CubeWP plugin <= 1.1.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via cubewp_shortcode_taxonomy Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via cubewpshortcodetaxonomy Shortcode vulnerability discovered by zaim in WordPress Plugin CubeWP versions = 1.1.26...

CVE-2025-68036 WordPress CubeWP plugin <= 1.1.27 - Broken Access Control vulnerability

Missing Authorization vulnerability in Emraan Cheema CubeWP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CubeWP: from n/a through 1.1.27...

CVE-2025-68036

CVE-2025-68036 pertains to the CubeWP Framework (CubeWP) with a Missing Authorization flaw reported up to version 1.1.27. Wordfence notes this entry under CubeWP Framework and marks it as patched; no exploitation details are provided in the sources. Recommendation: apply the patch/upgrade to a fi...

CVE-2025-59569 WordPress CubeWP Plugin <= 1.1.26 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Stored XSS.This issue affects CubeWP: from n/a through = 1.1.26...

CVE-2025-54735 WordPress CubeWP Framework Plugin <= 1.1.24 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Privilege Escalation.This issue affects CubeWP: from n/a through = 1.1.24...

CVE-2025-54735 WordPress CubeWP Framework Plugin <= 1.1.24 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in Emraan Cheema CubeWP Framework allows Privilege Escalation. This issue affects CubeWP Framework: from n/a through 1.1.24...

WordPress CubeWP Forms plugin <= 1.1.10 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by hunter85 in WordPress Plugin CubeWP Forms versions = 1.1.10...

WordPress CubeWP Forms – All-in-One Form Builder Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)

Software CubeWP Forms – All-in-One Form Builder Type Plugin Vulnerable versions = 1.1.1 Fixed in 1.1.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47300 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 126f1788c7ef Credits hunter85...

WordPress CubeWP – All-in-One Dynamic Content Framework Plugin <= 1.1.12 is vulnerable to Arbitrary File Upload

Software CubeWP – All-in-One Dynamic Content Framework Type Plugin Vulnerable versions = 1.1.12 Fixed in 1.1.13 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-30500 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 46eee47f3899 Credits Peng Zh...