{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-4315", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-05-05T13:45:03.763Z", "datePublished": "2025-06-11T09:22:33.437Z", "dateUpdated": "2026-04-08T16:49:02.340Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:49:02.340Z"}, "affected": [{"vendor": "cubewp1211", "product": "CubeWP Framework", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.1.23", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The CubeWP \u2013 All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.23. This is due to the plugin allowing a user to update arbitrary user meta through the update_user_meta() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator."}], "title": "CubeWP \u2013 All-in-One Dynamic Content Framework <= 1.1.23 - Authenticated (Subscriber+) Privilege Escalation", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/430b7e72-72b8-4cf8-99f4-ee1d1d4b4f24?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/cubewp-framework/tags/1.1.23/cube/classes/class-cubewp-rest-api.php#L691"}, {"url": "https://plugins.trac.wordpress.org/changeset/3306925/cubewp-framework#file2"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-269 Improper Privilege Management", "cweId": "CWE-269", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Friderika Baranyai"}], "timeline": [{"time": "2025-06-10T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-11T13:13:39.227293Z", "id": "CVE-2025-4315", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-11T13:13:44.603Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4315", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-11T13:13:39.227293Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-11T13:13:41.417Z"}}], "cna": {"title": "CubeWP \u2013 All-in-One Dynamic Content Framework <= 1.1.23 - Authenticated (Subscriber+) Privilege Escalation", "credits": [{"lang": "en", "type": "finder", "value": "Friderika Baranyai"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "cubewp1211", "product": "CubeWP Framework", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.1.23"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-06-10T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/430b7e72-72b8-4cf8-99f4-ee1d1d4b4f24?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/cubewp-framework/tags/1.1.23/cube/classes/class-cubewp-rest-api.php#L691"}, {"url": "https://plugins.trac.wordpress.org/changeset/3306925/cubewp-framework#file2"}], "descriptions": [{"lang": "en", "value": "The CubeWP \u2013 All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.23. This is due to the plugin allowing a user to update arbitrary user meta through the update_user_meta() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:49:02.340Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4315", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:49:02.340Z", "dateReserved": "2025-05-05T13:45:03.763Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-06-11T09:22:33.437Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cubewp:cubewp:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "02E6BFBC-4555-4C31-AB25-E143B3D4B9AE", "versionEndExcluding": "1.1.24", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The CubeWP \u2013 All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.23. This is due to the plugin allowing a user to update arbitrary user meta through the update_user_meta() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator."}, {"lang": "es", "value": "El complemento CubeWP \u2013 All-in-One Dynamic Content Framework para WordPress es vulnerable a la escalada de privilegios en todas las versiones hasta la 1.1.23 incluida. Esto se debe a que el complemento permite a un usuario actualizar metadatos de usuario arbitrarios mediante la funci\u00f3n update_user_meta(). Esto permite a atacantes autenticados, con acceso de suscriptor o superior, elevar sus privilegios a los de administrador."}], "id": "CVE-2025-4315", "lastModified": "2025-07-10T00:28:39.840", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-06-11T10:15:21.733", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/cubewp-framework/tags/1.1.23/cube/classes/class-cubewp-rest-api.php#L691"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3306925/cubewp-framework#file2"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/430b7e72-72b8-4cf8-99f4-ee1d1d4b4f24?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security@wordfence.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T20:20:29.046395+00:00", "value": {"mitigation_remediation": ["Update the CubeWP Framework plugin to the latest version (above 1.1.23).", "Restrict or revoke Subscriber+ roles that do not require elevated privileges, ensuring only trusted users have such rights. ", "Disable or restrict the REST API endpoint that performs update_user_meta operations, or configure the plugin to enforce proper authorization checks before allowing meta updates."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation to Administrator"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the CubeWP Framework plugin for WordPress, versions up to and including 1.1.23. Users running any of these versions should verify the installed version and consider an upgrade.", "description_and_impact": "The CubeWP \u2013 All-in-One Dynamic Content Framework plugin for WordPress contains a flaw that lets an authenticated user alter any user meta data via the update_user_meta() function. This flaw enables a malicious account with basic Subscriber or higher privileges to elevate its role to Administrator, effectively granting full control over the WordPress site. The impact is that attackers could gain complete administrative access, read or modify site content, install additional plugins, or compromise the integrity and confidentiality of site data.", "risk_and_exploitability": "The flaw is a high\u2011severity issue with a CVSS score of 8.8. The EPSS score of less than 1% indicates a low probability of exploitation at present, and the vulnerability is not listed in CISA\u2019s KEV catalog, suggesting no confirmed public exploitation. However, the attack requires an authenticated user with Subscriber or higher access and the ability to send a request to the plugin\u2019s REST API endpoint that calls update_user_meta. The attack vector is inferred to be a REST API call, as the description indicates the flaw occurs in the plugin\u2019s API handling code."}}}}, "created": "2026-04-21T20:30:27.397379+00:00", "updated": "2026-04-21T20:30:27.397391+00:00", "vendors": []}