CVE-2025-2294 PoC — WordPress plugin Kubio AI Page Builder 路径遍历漏洞

Source

https://github.com/realcodeb0ss/CVE-2025-2294-PoC

Associated Vulnerability

Title:WordPress plugin Kubio AI Page Builder 路径遍历漏洞 (CVE-2025-2294)
Description:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Kubio AI Page Builder 2.5.1及之前版本存在路径遍历漏洞，该漏洞源于kubio_hybrid_theme_load_template函数存在本地文件包含，可能导致未认证攻击者包含和执行任意文件。

Description

CVE-2025-2294 < Wordpress Kubio[Plugin] - Local File Inclusion[LFI].

Readme

# CVE-2025-2294 PoC

![Screenshot 2025-04-04 015544](https://github.com/user-attachments/assets/7938eb16-0dda-4fc3-90ad-b4c249eabac1)


https://securityonline.info/cve-2025-2294-targets-wordpress-plugin-with-90000-active-installs/

CVE-2025-2294 &lt; Wordpress Kubio[Plugin] - Local File Inclusion[LFI].

dork: inurl wp-content/plugins/kubio

File Snapshot


 [4.0K]  /data/pocs/260050377fee8526b1cebe086e765f5a57af7609
├── [ 18K]  CVE-2025-2294.py
├── [265K]  CVE-2025-2294-wp-90kinstalled.zip
├── [4.0K]  pytransform
│   ├── [   1]  @
│   ├── [ 11K]  __init__.py
│   ├── [ 15K]  __init__.pyc
│   ├── [ 220]  license.lic
│   ├── [699K]  _pytransform.dll
│   └── [ 476]  pytransform.key
└── [ 342]  README.md

1 directory, 9 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!