CVE-2025-2294

Name of the Vulnerable Software and Affected Versions Kubio AI Page Builder for WordPress versions through 2.5.1

Description The Kubio AI Page Builder plugin for WordPress is susceptible to a Local File Inclusion issue via the kubio hybrid theme load template function. This allows unauthenticated attackers to include and execute arbitrary files on the server, potentially enabling them to bypass access controls, obtain sensitive data, or achieve code execution. The vulnerability exists because attackers can include and execute PHP code within uploaded files, even those considered safe like images. Reports indicate over 90,000 active installations of the affected plugin. The vulnerability allows attackers to execute arbitrary code on the server.

Recommendations Update Kubio AI Page Builder to version 2.5.2 or later.