CVE-2025-4315

Name of the Vulnerable Software and Affected Versions The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress version 1.1.23 and earlier

Description The issue is related to Privilege Escalation, allowing authenticated attackers with Subscriber-level access and above to elevate their privileges to that of an administrator. This is due to the plugin permitting a user to update arbitrary user meta through the update user meta() function.

Recommendations For versions up to and including 1.1.23, consider disabling the update user meta() function as a temporary workaround until a patch is available. Restrict access to user meta updates to minimize the risk of exploitation.