PT-2026-4645 · WordPress · Cubewp – All-In-One Dynamic Content Framework

Matthew Rollings

Publicado

2026-01-25

Atualizado

2026-01-25

CVE-2025-6461

CVSS v3.1

4.3

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions CubeWP – All-in-One Dynamic Content Framework versions prior to 1.1.27

Description The CubeWP plugin for WordPress has an information exposure issue. Insufficient restrictions on the search feature in the class-cubewp-search-ajax-hooks.php file allows unauthenticated attackers to access data from password-protected, private, or draft posts that they should not be able to view. The vulnerable search feature allows extraction of sensitive information.

Recommendations Update CubeWP – All-in-One Dynamic Content Framework to a version later than 1.1.27.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2025-6461

Produtos afetados

Cubewp – All-In-One Dynamic Content Framework

PT-2026-4645 · WordPress · Cubewp – All-In-One Dynamic Content Framework

CVE-2025-6461

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7