CubeWP Framework

Cross Site Scripting (XSS) Vulnerability <= 1.1.23

inOne Dynamic Content Framework plugin <= 1.1.23 Authenticated (Subscriber+) Privilege Escalation vulnerability <= 1.1.23

inOne Dynamic Content Framework plugin <= 1.1.24 Cross Site Request Forgery (CSRF) to Settings Change vulnerability <= 1.1.24

inOne Dynamic Content Framework plugin <= 1.1.15 Broken Access Control vulnerability <= 1.1.15

Arbitrary File Upload vulnerability <= 1.1.12