Browse all 4 CVE security advisories affecting cubewp1211. AI-powered Chinese analysis, POCs, and references for each vulnerability.
CubeWP1211 is a WordPress plugin designed for building custom post types and taxonomies with user-friendly interfaces. Historically, it has been associated with multiple critical vulnerabilities including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws, often stemming from insufficient input validation and improper access controls. The plugin's security posture has been compromised through multiple CVEs, with some instances allowing unauthenticated attackers to execute arbitrary code or compromise administrative accounts. These vulnerabilities typically arise from the plugin's dynamic content generation features and inadequate sanitization of user-supplied data, posing significant risks to WordPress installations when not promptly updated.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-6461 | CubeWP – All-in-One Dynamic Content Framework <= 1.1.27 - Unauthenticated Post Disclosure in class-cubewp-search-ajax-hooks.php — CubeWP FrameworkCWE-200 | 4.3 | Medium | 2026-01-25 |
| CVE-2025-8615 | CubeWP <= 1.1.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via cubewp_shortcode_taxonomy Shortcode — CubeWP FrameworkCWE-79 | 6.4 | Medium | 2026-01-17 |
| CVE-2025-12129 | CubeWP – All-in-One Dynamic Content Framework <= 1.1.27 - Unauthenticated Information Exposure — CubeWP FrameworkCWE-200 | 5.3 | Medium | 2026-01-17 |
| CVE-2025-4315 | CubeWP – All-in-One Dynamic Content Framework <= 1.1.23 - Authenticated (Subscriber+) Privilege Escalation — CubeWP FrameworkCWE-269 | 8.8 | High | 2025-06-11 |
This page lists every published CVE security advisory associated with cubewp1211. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.