Vulnerabilities

CVE-2025-12129 - CubeWP – All-in-One Dynamic Content Framework <= 1.1.27 - unauthenticated inform...

2026-01-17 0 views admin

CVE ID : CVE-2025-12129 Published : Jan. 17, 2026, 7:27 a.m. | 1 hour, 1 minute ago Description : The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the /cubewp-posts/v1/query-new and /cubewp-posts/v1/query REST API endpoints due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2025-12129

Published

Jan. 17, 2026

Affected Product: WordPress

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-12129wordpress

CVE-2025-12129 - CubeWP – All-in-One Dynamic Content Framework <= 1.1.27 - unauthenticated inform...

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-15530 - Open5GS s11-handler.c assertion

CVE-2025-10484 - Registration & Login with Mobile Phone Number for WooCommerce <= 1.3.1 - authent...

CVE-2025-8615 - CubeWP <= 1.1.26 - authenticated (contributor+) stored cross-site scripting via c...

CVE-2025-14078 - PAYGENT for WooCommerce <= 2.4.6 - missing authorization to unauthenticated paym...

Trending

Tech: Go-legacy-winxp: Compile Golang 1.24 code for Windows XP

Tech: Data is the only moat

Tech: Pocket TTS: A high quality TTS that gives your CPU a voice

Tech: AWS European Sovereign Cloud

Tech: JuiceFS is a distributed POSIX file system built on top of Redis and S3