VYPR

Kubio AI Page Builder

by Extendthemes

Source repositories

CVEs (4)

  • CVE-2026-34887MedMar 31, 2026
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Extend Themes Kubio AI Page Builder allows Stored XSS.This issue affects Kubio AI Page Builder: from n/a through 2.7.0.

  • CVE-2024-39661MedAug 1, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ExtendThemes Kubio AI Page Builder.This issue affects Kubio AI Page Builder: from n/a through 2.2.4.

  • CVE-2024-13516MedJan 18, 2025
    risk 0.33cvss 6.1epss 0.00

    The Kubio AI Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers…

  • CVE-2025-8487MedSep 19, 2025
    risk 0.28cvss 5.4epss 0.00

    The Kubio AI Page Builder plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the kubio-image-hub-install-plugin AJAX action in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers,…