CVE-2025-11174
BaseFortify
Publication date: 2025-11-01
Last updated on: 2025-11-04
Assigner: Wordfence
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| barn2_media | document_library_lite | 1.1.6 |
| barn2_media | document_library_lite | 1.1.7 |
| barn2_media | document_library_lite | 1.1.5 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Document Library Lite WordPress plugin (up to version 1.1.6) where an AJAX action named 'dll_load_posts' is exposed to unauthenticated users without proper authorization checks. This AJAX endpoint returns a JSON table of document data, including unpublished documents (draft, pending, future), because it does not perform nonce or capability checks. Attackers can exploit this by sending crafted requests to retrieve document titles and content that should not be publicly accessible. [1]
How can this vulnerability impact me?
The vulnerability allows unauthenticated attackers to access unpublished document titles and content from the affected WordPress site. This can lead to unauthorized disclosure of sensitive or confidential information that was not intended for public viewing. While it does not allow modification or deletion of data, the exposure of draft or pending documents can compromise privacy and confidentiality. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability can negatively impact compliance with standards and regulations such as GDPR and HIPAA because it allows unauthorized access to potentially sensitive or personal data contained in unpublished documents. Unauthorized disclosure of such information may violate data protection and privacy requirements, leading to regulatory non-compliance and potential legal consequences. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthenticated AJAX POST requests to the WordPress endpoint that trigger the 'dll_load_posts' action. Specifically, look for POST requests to admin-ajax.php with the parameter 'action=dll_load_posts' coming from unauthenticated users. A simple detection command using curl could be:

```
curl -X POST -d 'action=dll_load_posts&args[status]=draft' https://yourwordpresssite.com/wp-admin/admin-ajax.php
```

If this returns JSON data including unpublished document titles or content without authentication, the system is vulnerable. Network intrusion detection systems (NIDS) can be configured to alert on such unauthenticated AJAX calls with suspicious 'status' parameters like 'draft', 'pending', or 'future'. [1]
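A log-side version of this check, as an added example (not code from BaseFortify or the plugin): it scans request records that include the body, as a WAF or reverse proxy can capture, for 'dll_load_posts' calls asking for draft, pending or future documents. The record field names and the sample records are assumptions constructed for illustration, and the function also inspects the query string, which goes beyond the POST case described above.

```python
from urllib.parse import parse_qsl, urlsplit

NON_PUBLIC = {"draft", "pending", "future"}  # statuses named in the answer above

def check_request(req):
    """Return a finding dict for a suspicious dll_load_posts call, else None.

    req uses assumed field names: url, cookie, body (raw form-encoded string).
    """
    parts = urlsplit(req["url"])
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    # parse_qsl URL-decodes, so args%5Bstatus%5D and args[status] compare equal.
    # admin-ajax.php reads 'action' from $_REQUEST, so check query and body.
    params = parse_qsl(parts.query, keep_blank_values=True)
    params += parse_qsl(req.get("body", ""), keep_blank_values=True)
    if ("action", "dll_load_posts") not in params:
        return None
    requested = set()
    for key, value in params:
        # PHP array forms: args[status]=x, args[status][]=x, args[status][0]=x
        if key.startswith("args[status]"):
            # Comma-separated lists are tolerated here as a parsing assumption.
            requested.update(v.strip().lower() for v in value.split(","))
    hits = sorted(requested & NON_PUBLIC)
    if not hits:
        return None
    # A wordpress_logged_in_* cookie only suggests a session; it can be forged,
    # so it is reported as context instead of being used to suppress the alert.
    has_cookie = "wordpress_logged_in_" in req.get("cookie", "")
    return {"statuses": hits, "login_cookie": has_cookie}

def scan(records):
    """Return (index, finding) pairs for every record that matches."""
    return [(i, f) for i, r in enumerate(records) if (f := check_request(r))]

SAMPLE = [  # constructed records, not real traffic
    {"url": "/wp-admin/admin-ajax.php", "cookie": "",
     "body": "action=dll_load_posts&args%5Bstatus%5D=draft"},
    {"url": "/wp-admin/admin-ajax.php", "cookie": "",
     "body": "action=dll_load_posts&args[status]=publish"},
    {"url": "/blog/wp-admin/admin-ajax.php?action=dll_load_posts",
     "cookie": "wordpress_logged_in_abc=editor",
     "body": "args[status][]=pending&args[status][]=future"},
    {"url": "/wp-admin/admin-ajax.php", "cookie": "", "body": "action=heartbeat"},
]

if __name__ == "__main__":
    for index, finding in scan(SAMPLE):
        print(index, finding)
```

Findings with `login_cookie` set to False are the high-confidence matches for the unauthenticated case; the others still merit review because the cookie's validity is not checked here.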
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Document Library Lite plugin to version 1.1.7 or later, where the vulnerability is fixed by enforcing nonce verification and capability checks for AJAX requests that request non-published content. If updating is not immediately possible, restrict access to the AJAX endpoint for unauthenticated users via web server rules or firewall policies to block POST requests with 'action=dll_load_posts' from unauthenticated sources. Additionally, monitor and audit AJAX requests to detect exploitation attempts. [4]