CubeWP Framework

Vulnerabilities 11Slug cubewp-frameworkLatest version 1.1.30WordPress.org →

Minimum safe version

1.1.28

Update to 1.1.28 or later to address 10 fixable vulnerabilities

Latest available1.1.30 ✓⚠ 1 vulnerability has no fix

Medium 6.5

2025-09-22< 1.1.27

CubeWP <= 1.1.26 - Authenticated (Contributor+) Stored Cross-Site Scripting

Wordfence EUVD CVE

Medium 6.4

2026-01-17< 1.1.27

CubeWP <= 1.1.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via cubewp_shortcode_taxonomy Shortcode

EUVD Wordfence CVE

Medium 4.3

2026-01-25< 1.1.28

CubeWP – All-in-One Dynamic Content Framework <= 1.1.27 - Unauthenticated Post Disclosure in class-cubewp-search-ajax-hooks.php

EUVD Wordfence CVE

Medium 5.3

2026-01-17< 1.1.28

CVE-2025-12129

CVE EUVD Wordfence

High 7.5

2025-12-29< 1.1.28

CVE-2025-68036

CVE EUVD Wordfence

High 8.8

2025-08-20< 1.1.25

CVE-2025-54735

CVE EUVD Wordfence

Medium 6.5

2025-06-17< 1.1.24

CVE-2025-49882

CVE EUVD Wordfence

High 8.8

2025-06-11< 1.1.24

CubeWP – All-in-One Dynamic Content Framework <= 1.1.23 - Authenticated (Subscriber+) Privilege Escalation

EUVD Wordfence CVE

Medium 4.3 Unfixed

2025-06-06≤ 1.1.30

WordPress CubeWP plugin <= 1.1.29 - Cross Site Request Forgery (CSRF) vulnerability

CVE EUVD Patchstack Wordfence

Medium 4.3

2024-11-01< 1.1.16

CVE-2024-48039

CVE Patchstack Wordfence

High 8.8

2024-03-29< 1.1.13

CVE-2024-30500

CVE Wordfence Patchstack WPScan