CVE-2025-30994
WordPress CubeWP – All-in-One Dynamic Content Framework plugin <= 1.1.23 - Cross Site Request Forgery (CSRF) to Settings Change vulnerabilityCross-Site Request Forgery (CSRF) vulnerability in Emraan Cheema CubeWP – All-in-One Dynamic Content Framework allows Cross Site Request Forgery. This issue affects CubeWP – All-in-One Dynamic Content Framework: from n/a through 1.1.23.
We have discovered 494 live websites that are affected by CVE-2025-30994.
Affected Software
| Product |  Cubewp Framework |
| Category | Wordpress Plugins |
| Vulnerable Domains | 494 live websites (100% of Cubewp Framework install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 14 versions ( 100% of all versions) |
Common Weakness Enumeration
CWE-352 Cross-Site Request Forgery (CSRF)Details
- Published - Jun 6, 2025
- Updated - Jun 6, 2025
Credits
- Nguyen Tran Tuan Dung (domiee13) (Patchstack Alliance) (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-30994 United States | 199 websites |
 Germany | 47 websites |
 Cyprus | 46 websites |
 GB | 34 websites |
 France | 19 websites |
 South Africa | 14 websites |
 Australia | 10 websites |
 Spain | 10 websites |
 Canada | 10 websites |
 Singapore | 9 websites |
Website Distribution by TLD
Number of websites using CVE-2025-30994| .com | 260 websites |
| .org | 24 websites |
| .net | 20 websites |
| .co.uk | 12 websites |
| .de | 11 websites |
| .ca | 9 websites |
| .fr | 8 websites |
| .pl | 8 websites |
| .com.au | 8 websites |
| .it | 8 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-30994
Top websites that are affected by CVE-2025-30994. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.ca | Canada | ***,*** | |
| *********************.ch |  Switzerland | ***,*** | |
| ************************.org | United States | ***,*** | |
| ***********.com | Cyprus | ***,*** | |
| **********.***.au | United States | *,***,*** | |
| *************.com | United States | *,***,*** | |
| *********.com | United States | *,***,*** | |
| ***********.de | Germany | *,***,*** | |
| ********.com | United States | *,***,*** | |
| **********.**.za | South Africa | *,***,*** |
FAQ
CVE-2025-30994 is Cross-Site Request Forgery (CSRF) in Cubewp Framework
A total of 494 websites have been identified as vulnerable to CVE-2025-30994, based on global website indexing conducted by WebTechSurvey.
The Cubewp Framework is affected by the CVE-2025-30994 vulnerability.
Cubewp Framework versions up to and including 1.1.23 are vulnerable to CVE-2025-30994.