Extendthemes Kubio Ai Page Builder vulnerabilities
5 known vulnerabilities affecting extendthemes/kubio_ai_page_builder.
Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL1MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2025-2294P1CRITICALCVSS 9.8ExploitedPoC≤ 2.5.12025-03-28
CVE-2025-2294 [CRITICAL] CWE-22 CVE-2025-2294: The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions
The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thekubio_hybrid_theme_load_template function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be
nvd
CVE-2026-5427P3MEDIUMCVSS 5.3≤ 2.7.22026-04-17
CVE-2026-5427 [MEDIUM] CWE-862 CVE-2026-5427: The Kubio plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to and includin
The Kubio plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to and including 2.7.2. This is due to insufficient capability checks in the kubio_rest_pre_insert_import_assets() function, which is hooked to the rest_pre_insert_{post_type} filter for posts, pages, templates, and template parts. When a post is created or updated vi
nvd
CVE-2025-8487P4MEDIUMCVSS 5.4≤ 2.6.32025-09-19
CVE-2025-8487 [MEDIUM] CWE-862 CVE-2025-8487: The Kubio AI Page Builder plugin for WordPress is vulnerable to unauthorized plugin installation due
The Kubio AI Page Builder plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the kubio-image-hub-install-plugin AJAX action in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the Image Hub plugin.
nvd
CVE-2024-39661P4MEDIUMCVSS 6.5≥ n/a, ≤ 2.2.42024-08-01
CVE-2024-39661 [MEDIUM] CWE-79 CVE-2024-39661: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ExtendThemes Kubio AI Page Builder.This issue affects Kubio AI Page Builder: from n/a through 2.2.4.
nvd
CVE-2024-13516P4MEDIUMCVSS 6.1≤ 2.3.52025-01-18
CVE-2024-13516 [MEDIUM] CWE-79 CVE-2024-13516: The Kubio AI Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via t
The Kubio AI Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can succes
nvd