CVE-2025-11627
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-30
Last updated on: 2025-10-30
Assigner: Wordfence
Description
Description
The Site Checkup Debug AI Troubleshooting with Wizard and Tips for Each Issue plugin for WordPress is vulnerable to log file poisoning in all versions up to, and including, 1.47. This makes it possible for unauthenticated attackers to insert arbitrary content into log files, and potentially cause denial of service via disk space exhaustion.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | site_checkup | 1.47 |
| wordpress | bill_catch_errors | 1.48 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-117 | The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Site Checkup Debug AI Troubleshooting with Wizard and Tips for Each Issue plugin for WordPress, affecting all versions up to and including 1.47. It allows unauthenticated attackers to perform log file poisoning by inserting arbitrary content into log files.
How can this vulnerability impact me? :
The vulnerability can lead to denial of service by exhausting disk space through the insertion of arbitrary content into log files. This can disrupt the normal operation of the affected WordPress site.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70