AI description
CVE-2025-2294 is a Local File Inclusion (LFI) vulnerability found in the Kubio AI Page Builder plugin for WordPress, affecting versions up to and including 2.5.1. The vulnerability exists within the `kubio_hybrid_theme_load_template` function. This flaw allows unauthenticated attackers to include and execute arbitrary files on the server. By exploiting this, attackers can execute PHP code, bypass access controls, and potentially obtain sensitive data. In scenarios where attackers can upload files, such as images, they can include and execute them to run malicious PHP code.
- Description: The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via the `kubio_hybrid_theme_load_template` function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
- Source: security@wordfence.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- security@wordfence.com: CWE-22
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 1
🚨 Critical flaw in the Kubio AI Page Builder plugin for WordPress (CVE-2025-2294) allows unauthorized PHP code execution! Update to 2.5.2 to protect your site. CVSS score: 9.8! #WordPress #CyberThreat #USA link: https://t.co/qX3hIcsMqR https://t.co/F5P4asMVO9
@TweetThreatNews
31 Mar 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2294 Targets WordPress Plugin with 90,000+ Active Installs https://t.co/nc1usLhaBK #cybersecuritytips #cybersecurityawareness #100DaysOfHacking #100daysofcoding #100daysofcoding #cybersecuritytips
@HugoValters
31 Mar 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2294: Path Traversal in Kubio WordPress plugin, 9.8 rating 🔥 Vuln found in a popular plugin allows unauth attackers to execute any code in PHP files on the server. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/d9SgWyZnlt #cybersecurity #vulnerability_map h
@Netlas_io
31 Mar 2025
25 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes
⚠️ Vulnerability Alert: Kubio AI Page Builder for WordPress Local File Inclusion Vulnerability 📅 Timeline: Disclosure: 2025-03-28, Patch: 2025-03-30 📌 Attribution: Researcher: mikemyers 🆔cveId: CVE-2025-2294 📊baseScore: 9.8 📏cvssMetrics:
@syedaquib77
30 Mar 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
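Critical vulnerability in Kubio AI Page Builder, a WordPress plugin installed on more than 90,000 sites. CVE-2025-2294 has a CVSS score of 9.9 and is an LFI vulnerability. An unauthenticated attacker can execute PHP code in arbitrary files on the server. Fixed in version 2.5.2. https://t.co/6FzMCnyW4f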
@__kokumoto
30 Mar 2025
1613 Impressions
2 Retweets
17 Likes
4 Bookmarks
2 Replies
0 Quotes
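An LFI vulnerability (CVE-2025-2294) has been discovered in the popular WordPress plugin "Kubio AI Page Builder" that allows arbitrary files on the server to be loaded and executed without authentication. It makes it possible to obtain sensitive information and execute arbitrary code. https://t.co/oJkrLjsMZG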
@yousukezan
30 Mar 2025
800 Impressions
2 Retweets
5 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2294 Targets WordPress Plugin with 90,000+ Active Installs https://t.co/IejRoVRCfR
@Dinosn
30 Mar 2025
13568 Impressions
68 Retweets
221 Likes
74 Bookmarks
0 Replies
2 Quotes
CVE-2025-2294 - WordPress - HIGH 🚨 🗓️ Date published 2025-03-28 05:15:41 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/DgOl9rBFkj
@vulns_space
28 Mar 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-2294: CRITICAL] Beware! Vulnerability in Kubio AI Page Builder plugin for WordPress (up to v2.5.1) via the kubio_hybrid_theme_load_template function allows unauthenticated attackers to execute arbitrary f...#cybersecurity,#vulnerability https://t.co/7brpH72sw9 https://t.
@CveFindCom
28 Mar 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes