{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-8487", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-08-01T20:29:06.095Z", "datePublished": "2025-09-19T03:34:47.887Z", "dateUpdated": "2026-04-08T16:40:58.736Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:40:58.736Z"}, "affected": [{"vendor": "extendthemes", "product": "Kubio AI Page Builder", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.6.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Kubio AI Page Builder plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the kubio-image-hub-install-plugin AJAX action in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the Image Hub plugin."}], "title": "Kubio AI Page Builder <= 2.6.3 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1f528c89-2b8c-4750-b9eb-47ebd8c1630e?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/kubio/tags/2.6.3/lib/integrations/image-hub/image-hub.php#L70"}, {"url": "https://plugins.trac.wordpress.org/changeset/3361499/kubio/trunk/lib/integrations/image-hub/image-hub.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "baseScore": 5.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "wesley"}], "timeline": [{"time": "2025-09-18T14:48:40.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-19T13:09:05.719570Z", "id": "CVE-2025-8487", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-19T13:09:13.468Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8487", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-19T13:09:05.719570Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-19T13:09:10.587Z"}}], "cna": {"title": "Kubio AI Page Builder <= 2.6.3 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation", "credits": [{"lang": "en", "type": "finder", "value": "wesley"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"}}], "affected": [{"vendor": "extendthemes", "product": "Kubio AI Page Builder", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "2.6.3"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-09-18T14:48:40.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1f528c89-2b8c-4750-b9eb-47ebd8c1630e?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/kubio/tags/2.6.3/lib/integrations/image-hub/image-hub.php#L70"}, {"url": "https://plugins.trac.wordpress.org/changeset/3361499/kubio/trunk/lib/integrations/image-hub/image-hub.php"}], "descriptions": [{"lang": "en", "value": "The Kubio AI Page Builder plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the kubio-image-hub-install-plugin AJAX action in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the Image Hub plugin."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-09-19T03:34:47.887Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8487", "state": "PUBLISHED", "dateUpdated": "2025-09-19T13:09:13.468Z", "dateReserved": "2025-08-01T20:29:06.095Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-09-19T03:34:47.887Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Kubio AI Page Builder plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the kubio-image-hub-install-plugin AJAX action in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the Image Hub plugin."}], "id": "CVE-2025-8487", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-09-19T04:17:02.947", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/kubio/tags/2.6.3/lib/integrations/image-hub/image-hub.php#L70"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3361499/kubio/trunk/lib/integrations/image-hub/image-hub.php"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1f528c89-2b8c-4750-b9eb-47ebd8c1630e?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T14:17:37.326922+00:00", "value": {"mitigation_remediation": ["Update Kubio AI Page Builder to version 2.6.4 or later, which removes the unchecked AJAX action.", "Restrict access to the kubio-image-hub-install-plugin endpoint by adding a proper capability check or using a firewall rule to prevent unauthorized plugin installations.", "Ensure that only administrators can install new plugins, and consider a security plugin that enforces strict role\u2011based installation policies."], "summary": {"action": "Patch", "impact": "Unauthorized plugin installation"}, "threat_synthesis": {"affected_systems": "WordPress sites that have the Kubio AI Page Builder plugin version 2.6.3 or earlier installed are affected. The plugin is distributed by extendthemes, and all users with Subscriber or higher roles are at risk.", "description_and_impact": "The vulnerability resides in the Kubio AI Page Builder plugin for WordPress. A missing capability check on the kubio-image-hub-install-plugin AJAX action permits any authenticated user with Subscriber\u2011level access or higher to trigger the installation of the Image Hub plugin. This flaw allows an attacker to install an additional plugin without proper authorization, potentially enabling malicious code execution or further privilege escalation on the WordPress site.", "risk_and_exploitability": "The CVSS score of 5.4 indicates moderate severity, while the EPSS of less than 1% reflects a low likelihood of exploitation in the wild. The vulnerability is not listed in CISA\u2019s KEV catalog. Authenticated users with Subscriber\u2011level access can exploit the flaw by sending a request to the AJAX endpoint, installing the Image Hub plugin, and thereby gaining the capabilities of that plugin. Because the attack requires only a legitimate authenticated session, it could be executed by compromised accounts or via social engineering. Prompt remediation is advised to prevent unauthorized plugin installation."}}}}, "created": "2025-09-19T09:35:11.933925+00:00", "updated": "2026-04-22T14:30:18.953510+00:00", "vendors": ["extendthemes", "extendthemes$PRODUCT$kubio_ai_page_builder", "wordpress", "wordpress$PRODUCT$wordpress"]}