VYPR

Cubewp Framework

by WordPress

Source repositories

CVEs (7)

  • CVE-2025-68036HigDec 30, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CubeWP: from n/a through <= 1.1.27.

  • CVE-2025-59569MedSep 22, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Stored XSS.This issue affects CubeWP: from n/a through <= 1.1.26.

  • CVE-2025-49882MedJun 17, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Tauqeer CubeWP cubewp-framework allows DOM-Based XSS.This issue affects CubeWP: from n/a through <= 1.1.23.

  • CVE-2025-8615MedJan 17, 2026
    risk 0.35cvss 6.4epss 0.00

    The CubeWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cubewp_shortcode_taxonomy shortcode in all versions up to, and including, 1.1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…

  • CVE-2025-30994MedJun 6, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Cross Site Request Forgery.This issue affects CubeWP: from n/a through <= 1.1.29.

  • CVE-2025-12129MedJan 17, 2026
    risk 0.27cvss 5.3epss 0.00

    The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the /cubewp-posts/v1/query-new and /cubewp-posts/v1/query REST API endpoints due to insufficient restrictions on which…

  • CVE-2025-6461MedJan 25, 2026
    risk 0.21cvss 4.3epss 0.00

    The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on which posts can be…