CVE-2025-11191
BaseFortify
Publication date: 2025-10-31
Last updated on: 2025-11-04
Assigner: WPScan
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| realpress | realpress | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the RealPress WordPress plugin (versions before 1.1.0) occurs because the plugin registers REST API routes without proper permission checks. This flaw allows unauthenticated users to create new pages and send emails through the site by exploiting specific REST endpoints. Essentially, attackers can publish arbitrary content and send emails from the site without needing to log in or have authorization. [1]
How can this vulnerability impact me?
The vulnerability can impact you by allowing attackers to create and publish unauthorized pages on your WordPress site, which could be used to display malicious content or deface your site. Additionally, attackers can send emails from your site, potentially facilitating spam campaigns or phishing attacks that appear to come from your domain. This can damage your site's reputation, lead to blacklisting, and cause trust issues with your users. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking if your WordPress site is running the RealPress plugin version prior to 1.1.0 and by testing the vulnerable REST API endpoints. For example, you can use curl commands to attempt unauthenticated POST requests to the endpoints:

1. To test unauthenticated page creation:

```bash
curl -X POST https://your-site.com/wp-json/realpress/v1/page -H "Content-Type: application/json" -d '{"title": "Injected Page", "content": "<h1>owned</h1>", "post_type": "page", "post_status": "publish"}'
```

2. To test unauthenticated email sending:

```bash
curl -X POST https://your-site.com/wp-json/realpress/v1/contact-form -H "Content-Type: application/json" -d '{"name": "attacker", "phone": "000", "message": "test", "terms_and_conditions": "on", "cc_admin": "on"}'
```

If these requests succeed without authentication, your site is vulnerable. [1]
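To review past traffic rather than probe the live site, the following added example (not part of the original page or the plugin's code) scans access-log lines for POST requests to the two routes named above. It assumes the combined log format; the sample lines are constructed, and the `?rest_route=` form is WordPress's alternative way of reaching the same routes on sites without pretty permalinks.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Routes named on this page, as seen after /wp-json or in ?rest_route=.
WATCHED = ("/realpress/v1/page", "/realpress/v1/contact-form")
# Assumed combined log format: ip - user [time] "METHOD target PROTO" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def rest_route(target):
    """Return the REST route a request target resolves to, or None."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    if "/wp-json/" in path:
        route = "/" + path.split("/wp-json/", 1)[1]
    else:
        # Sites without pretty permalinks use /?rest_route=/ns/v1/route
        route = parse_qs(parts.query).get("rest_route", [None])[0]
    # Normalise case and trailing slash before comparing.
    return route.rstrip("/").lower() if route else None

def scan(lines):
    """Yield (ip, time, route, status) for POSTs to the watched routes."""
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, when, method, target, status = m.groups()
        route = rest_route(target)
        if method == "POST" and route in WATCHED:
            yield ip, when, route, int(status)

def summarize(lines):
    """Split hits into requests the site served (2xx) and ones it refused."""
    hits = list(scan(lines))
    served = [h for h in hits if 200 <= h[3] < 300]
    refused = [h for h in hits if not 200 <= h[3] < 300]
    return served, refused

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [01/Nov/2025:10:02:11 +0000] "POST /wp-json/realpress/v1/page HTTP/1.1" 200 512 "-" "curl/8.5.0"',
    '203.0.113.7 - - [01/Nov/2025:10:02:15 +0000] "POST /?rest_route=%2Frealpress%2Fv1%2Fcontact-form HTTP/1.1" 200 88 "-" "curl/8.5.0"',
    '198.51.100.4 - - [01/Nov/2025:10:05:40 +0000] "POST /wp-json/realpress/v1/page/ HTTP/1.1" 401 120 "-" "python-requests/2.32"',
    '192.0.2.10 - - [01/Nov/2025:10:06:02 +0000] "GET /wp-json/realpress/v1/page HTTP/1.1" 404 90 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Nov/2025:10:06:09 +0000] "POST /wp-json/wp/v2/comments HTTP/1.1" 201 300 "-" "Mozilla/5.0"',
]
```

The access log does not record whether a request was authenticated, so a served (2xx) hit on a site running a version before 1.1.0 is a prompt to check for unexpected pages and outbound mail.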
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the RealPress WordPress plugin to version 1.1.0 or later, where the issue is fixed. Until the update can be applied, you may consider disabling the plugin or restricting access to the vulnerable REST API endpoints to authenticated users only, for example by using firewall rules or security plugins that limit REST API access. [1]