vulnerability

WordPress Plugin: kubio: CVE-2025-8487: Missing Authorization

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:S/C:N/I:P/A:P)	Sep 18, 2025	Sep 19, 2025	Sep 22, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:P/A:P)

Published

Sep 18, 2025

Added

Sep 19, 2025

Modified

Sep 22, 2025

Description

The Kubio AI Page Builder plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the kubio-image-hub-install-plugin AJAX action in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the Image Hub plugin.

Solution

kubio-plugin-cve-2025-8487

References

URL-https://www.cve.org/CVERecord?id=CVE-2025-8487
URL-https://www.wordfence.com/threat-intel/vulnerabilities/id/1f528c89-2b8c-4750-b9eb-47ebd8c1630e?source=api-prod
CVE-2025-8487
https://attackerkb.com/topics/CVE-2025-8487
CWE-862

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today