Critical Flaw Discovered in WordPress Plugin with 90,000+ Active Installs

Summary: A critical security vulnerability (CVE-2025-2294) has been identified in the Kubio AI Page Builder plugin for WordPress, affecting all versions up to 2.5.1. This flaw allows unauthenticated attackers to execute arbitrary PHP code on servers, posing significant risks to affected websites. Users are urged to update to version 2.5.2 or later to mitigate this threat.

Affected: Kubio AI Page Builder plugin for WordPress

Key points:

  • Critical Local File Inclusion (LFI) vulnerability enables unauthorized file access and execution.
  • Exploitation can lead to bypassing access controls, obtaining sensitive data, and executing malicious code.
  • The vulnerability has a CVSS score of 9.8, highlighting its severity and potential for damage.
  • Users should update to version 2.5.2 or later immediately to secure their sites.

Source: https://securityonline.info/cve-2025-2294-targets-wordpress-plugin-with-90000-active-installs/
