CVE-2025-11191
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-31

Last updated on: 2025-11-04

Assigner: WPScan

Description
The RealPress WordPress plugin before 1.1.0 registers the REST routes without proper permission checks, allowing the creation of pages and sending of emails from the site.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-31
Last Modified
2025-11-04
Generated
2026-06-16
AI Q&A
2025-10-31
EPSS Evaluated
2026-06-15
NVD
CVE-2025-11191
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
realpress realpress *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the RealPress WordPress plugin (versions before 1.1.0) occurs because the plugin registers REST API routes without proper permission checks. This flaw allows unauthenticated users to create new pages and send emails through the site by exploiting specific REST endpoints. Essentially, attackers can publish arbitrary content and send emails from the site without needing to log in or have authorization. [1]

Impact Analysis

The vulnerability can impact you by allowing attackers to create and publish unauthorized pages on your WordPress site, which could be used to display malicious content or deface your site. Additionally, attackers can send emails from your site, potentially facilitating spam campaigns or phishing attacks that appear to come from your domain. This can damage your site's reputation, lead to blacklisting, and cause trust issues with your users. [1]

Detection Guidance

You can detect this vulnerability by checking if your WordPress site is running the RealPress plugin version prior to 1.1.0 and by testing the vulnerable REST API endpoints. For example, you can use curl commands to attempt unauthenticated POST requests to the endpoints: 1. To test unauthenticated page creation: curl -X POST https://your-site.com/wp-json/realpress/v1/page -H "Content-Type: application/json" -d '{"title": "Injected Page", "content": "<h1>owned</h1>", "post_type": "page", "post_status": "publish"}' 2. To test unauthenticated email sending: curl -X POST https://your-site.com/wp-json/realpress/v1/contact-form -H "Content-Type: application/json" -d '{"name": "attacker", "phone": "000", "message": "test", "terms_and_conditions": "on", "cc_admin": "on"}' If these requests succeed without authentication, your site is vulnerable. [1]

Mitigation Strategies

The immediate step to mitigate this vulnerability is to update the RealPress WordPress plugin to version 1.1.0 or later, where the issue is fixed. Until the update can be applied, you may consider disabling the plugin or restricting access to the vulnerable REST API endpoints to authenticated users only, for example by using firewall rules or security plugins that limit REST API access. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11191. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart