DOM-Based XSS in CubeWP Framework by Emraan Cheema
CVE-2025-49882

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: CubeWP Framework
Vendor: CVE Published:; 17 June 2025

What is CVE-2025-49882?

A vulnerability in CubeWP Framework by Emraan Cheema allows attackers to exploit improper neutralization of input during web page generation, resulting in DOM-based cross-site scripting (XSS). This type of vulnerability can permit malicious actors to execute arbitrary JavaScript in the context of a user's browser, potentially leading to data theft, session hijacking, and other security breaches. The affected versions range from n/a to 1.1.23, necessitating immediate attention and remediation from users of the framework.

Affected Version(s)

CubeWP Framework <= 1.1.23

References

https://patchstack.com/database/wordpress/plugin/cubewp-f...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2025
Vulnerability Reserved
Jun 11, 2025

Credit

muhammad yudha (Patchstack Alliance)