CVE-2025-8487
BaseFortify
Publication date: 2025-09-19
Last updated on: 2025-09-19
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kubio | kubio | 2.6.3 |
| kubio | image-hub | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update the Kubio AI Page Builder plugin to a version later than 2.6.3 where the issue is fixed. Additionally, restrict plugin installation capabilities to trusted administrator roles only and monitor for unauthorized plugin installations.
How can this vulnerability impact me? :
An attacker with Subscriber-level access or above can exploit this vulnerability to install unauthorized plugins, potentially leading to unauthorized changes, increased attack surface, or further compromise of the WordPress site.
Can you explain this vulnerability to me?
This vulnerability exists in the Kubio AI Page Builder plugin for WordPress, where a missing capability check on the 'kubio-image-hub-install-plugin' AJAX action allows authenticated users with Subscriber-level access or higher to install the Image Hub plugin without proper authorization.