vulnerability

WordPress Plugin: cubewp-framework: CVE-2025-4315: Improper Privilege Management

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:S/C:C/I:C/A:C)	Jun 10, 2025	Jun 11, 2025	Jun 24, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Published

Jun 10, 2025

Added

Jun 11, 2025

Modified

Jun 24, 2025

Description

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.23. This is due to the plugin allowing a user to update arbitrary user meta through the update_user_meta() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.

Solution

cubewp-framework-plugin-cve-2025-4315

References

URL-https://www.cve.org/CVERecord?id=CVE-2025-4315
URL-https://www.wordfence.com/threat-intel/vulnerabilities/id/430b7e72-72b8-4cf8-99f4-ee1d1d4b4f24?source=api-prod
CVE-2025-4315
https://attackerkb.com/topics/CVE-2025-4315
CWE-269

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today