Unauthorized Plugin Installation in Kubio AI Page Builder for WordPress
CVE-2025-8487

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: Kubio Ai Page Builder
Vendor: CVE Published:; 19 September 2025

What is CVE-2025-8487?

The Kubio AI Page Builder plugin for WordPress is susceptible to a security flaw that allows authenticated users, such as those with Subscriber access or higher, to install the Image Hub plugin without proper capability verification. This vulnerability arises from a missing capability check on the kubio-image-hub-install-plugin AJAX action, posing a risk to website integrity and security. Users are advised to update to the latest version to mitigate this issue.

Affected Version(s)

Kubio AI Page Builder * <= 2.6.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/kubio/tags/2.6...

https://plugins.trac.wordpress.org/changeset/3361499/kubi...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 19, 2025
Vulnerability Reserved
Aug 1, 2025

Credit

wesley

JSON