WordPress Plugin Vulnerabilities

CubeWP Framework < 1.1.25 - Subscriber+ Privilege Escalation

Description

The plugin is vulnerable to Privilege Escalation due to the plugin not properly restricting user meta key updates through the cwp_save_user_fields() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.

Affects Plugins

Plugin icon
cubewp-framework
Fixed in 1.1.25

References

CVE
CVE-2025-54735
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/a6b91ec6-c669-4a92-ae12-b6829f349687

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Martino Spagnuolo
Verified
No
WPVDB ID
2e1042da-c975-4385-adf6-5b2f57c54051

Timeline

Publicly Published
2025-08-19 (about 8 months ago)
Added
2025-08-26 (about 8 months ago)
Last Updated
2025-08-26 (about 8 months ago)

Other

Published
Title
Published
2025-10-11
Title
Advanced scrollbar < 1.1.9 - Authenticated (Subscriber+) Privilege Escalation
Published
2020-03-05
Title
Brizy - Page Builder < 1.0.114 - Unauthenticated Site Settings Update
Published
2025-05-08
Title
IMITHEMES Listing < 3.4 - Unauthenticated Privilege Escalation via Unverified Password Reset
Published
2025-04-23
Title
My Tickets – Accessible Event Ticketing < 2.0.17 - Authenticated (Subscriber+) Privilege Escalation
Published
2023-08-11
Title
Premium Packages - Sell Digital Products Securely < 5.7.5 - Subscriber+ Privilege Escalation