CVE-2025-11255
BaseFortify
Publication date: 2025-10-25
Last updated on: 2025-10-27
Assigner: Wordfence
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordfence | password_policy_manager | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Password Policy Manager | Password Manager plugin for WordPress (up to version 2.0.5) where there is a missing capability check on the 'moppm_ajax' AJAX endpoint. This allows authenticated attackers with Subscriber-level access or higher to perform unauthorized actions, specifically to log out the site's connection to miniorange. Essentially, users with low-level access can manipulate data they should not be able to, due to insufficient permission checks in the plugin's AJAX handling. [2]
How can this vulnerability impact me?
The impact of this vulnerability is that an attacker with Subscriber-level access or above can forcibly log out the site's connection to miniorange, potentially disrupting authentication or security services relying on that connection. This unauthorized modification could lead to denial of service for legitimate users or administrative disruption, although it does not directly compromise data confidentiality or availability beyond this logout action.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring AJAX requests to the `moppm_ajax` endpoint for unauthorized or suspicious activity, especially from users with Subscriber-level access or above. Since the vulnerability involves missing capability checks on this AJAX endpoint, you can inspect web server logs or use tools like curl or wget to simulate requests to this endpoint and observe responses. For example, you might use a command like `curl -X POST -d 'action=moppm_ajax' https://yourwordpresssite.com/wp-admin/admin-ajax.php -H 'Cookie: wordpress_logged_in=...'` to test if unauthorized modifications are possible. Additionally, checking for the plugin version (if it is 2.0.5 or below) can help identify vulnerable installations.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the Password Policy Manager | Password Manager plugin to version 2.0.6 or later, which includes enhanced nonce verification and capability checks preventing unauthorized access. This update fixes the missing capability check on the 'moppm_ajax' AJAX endpoint and strengthens security by adding proper permission checks and nonce validation. Until the update is applied, restrict access to the AJAX endpoint if possible and monitor for suspicious activity. [2]
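The missing capability check described in the first answer, and the nonce-plus-capability fix described in the last one, as an added illustration using the WordPress AJAX API. This is not the plugin's code: the `moppm_ajax` action name comes from the advisory, while the callback names, the `manage_options` capability, the nonce action and the option name are assumptions chosen for the example.

```php
<?php
// Added illustration of a WordPress admin-ajax handler; not the plugin's own code.
// The action name 'moppm_ajax' is from the advisory; everything else is hypothetical.

// Weak form: every logged-in user (including Subscribers) can reach this,
// because the wp_ajax_* hook only requires authentication, not authorization.
// Nothing checks who the caller is or whether the request was intended.
function moppm_ajax_unchecked() {
    if ( isset( $_POST['option'] ) && $_POST['option'] === 'logout' ) {
        // Stand-in for dropping the stored miniOrange connection (option name is a placeholder).
        delete_option( 'mo_ppm_connection' );
    }
    wp_send_json_success();
}

// Hardened form: verify the nonce (CSRF) and the capability (authorization)
// before touching any state. Reject first, act last.
function moppm_ajax_checked() {
    // Nonce issued on the admin page with wp_create_nonce( 'moppm_ajax_nonce' )
    // and sent as the 'nonce' POST field; check_ajax_referer() dies with 403 on mismatch.
    check_ajax_referer( 'moppm_ajax_nonce', 'nonce' );

    // Subscribers do not hold manage_options, so the request stops here for them.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions' ), 403 );
    }

    $option = isset( $_POST['option'] )
        ? sanitize_text_field( wp_unslash( $_POST['option'] ) )
        : '';
    if ( $option === 'logout' ) {
        delete_option( 'mo_ppm_connection' ); // placeholder option name
    }
    wp_send_json_success();
}

// Register only the hardened callback. No wp_ajax_nopriv_ hook is added,
// so unauthenticated requests never reach the handler at all.
add_action( 'wp_ajax_moppm_ajax', 'moppm_ajax_checked' );
```

The check order is the point: a nonce alone only proves the request came from a page the user loaded, so without `current_user_can()` a Subscriber with a valid nonce would still pass.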