CubeWP Plugin Vulnerability - CVE-2025-4315

I'd like to inform you about a critical security vulnerability affecting the CubeWP – All-in-One Dynamic Content Framework plugin for WordPress.

Vulnerability Summary:

All versions of the plugin up to and including 1.1.23 are vulnerable to a Privilege Escalation issue. The flaw stems from the plugin’s improper use of the update_user_meta() function, which allows arbitrary user meta updates.

This means that authenticated users with Subscriber-level access or higher can exploit this vulnerability to escalate their privileges to that of an Administrator.

What You Should Do:

Update the CubeWP plugin immediately to the latest patched version (1.1.24).

Audit your site’s user roles to ensure no unauthorized privilege changes have occurred.
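One way to carry out the role audit above, as an added example that is not part of the original post: it reads the JSON produced by `wp user list --fields=ID,user_login,user_registered,roles --format=json` and reports every account holding the administrator role that is not on your list of known administrators. The sample data, the `EXPECTED_ADMINS` list and the function names are constructed for illustration.

```python
import json

# Constructed sample of the WP-CLI JSON output; replace it with your site's real export.
SAMPLE_WP_USER_LIST = """[
  {"ID": 1,  "user_login": "siteowner",  "user_registered": "2021-03-02 10:15:00", "roles": "administrator"},
  {"ID": 7,  "user_login": "editor_amy", "user_registered": "2022-08-19 09:00:00", "roles": "editor"},
  {"ID": 42, "user_login": "newsub",     "user_registered": "2025-05-01 23:41:10", "roles": "subscriber,administrator"},
  {"ID": 43, "user_login": "reader",     "user_registered": "2025-05-02 08:12:44", "roles": "subscriber"}
]"""

# Assumption: the logins you know are supposed to be administrators.
EXPECTED_ADMINS = {"siteowner"}


def parse_roles(value):
    """WP-CLI prints roles as a comma-separated string; accept a list as well."""
    if isinstance(value, str):
        value = value.split(",")
    return {r.strip().lower() for r in value if r and r.strip()}


def unexpected_admins(wp_json, expected):
    """Return administrator accounts whose login is not in `expected`."""
    findings = []
    for user in json.loads(wp_json):
        roles = parse_roles(user.get("roles", ""))
        if "administrator" in roles and user["user_login"] not in expected:
            findings.append({
                "ID": user["ID"],
                "user_login": user["user_login"],
                "user_registered": user.get("user_registered", ""),
                "roles": sorted(roles),
            })
    return findings


if __name__ == "__main__":
    for f in unexpected_admins(SAMPLE_WP_USER_LIST, EXPECTED_ADMINS):
        print(f"REVIEW: {f['user_login']} (ID {f['ID']}) roles={f['roles']} "
              f"registered={f['user_registered']}")
```

Any account it reports should be checked against your records before you change or remove it.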

Your website’s security is my top priority.

Please don’t hesitate to reach out if you need help updating or securing your site.
