CVE-2025-11693
Unknown Unknown - Not Provided
Sensitive Information Exposure in Export WP Page to Static HTML Plugin

Publication date: 2025-12-13

Last updated on: 2025-12-13

Assigner: Wordfence

Description
The Export WP Page to Static HTML & PDF plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.4 through publicly exposed cookies.txt files containing authentication cookies. This makes it possible for unauthenticated attackers to cookies that may have been injected into the log file if the site administrator triggered a back-up using a specific user role like 'administrator.'
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-13
Last Modified
2025-12-13
Generated
2026-06-16
AI Q&A
2025-12-13
EPSS Evaluated
2026-06-15
NVD
CVE-2025-11693
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wordpress export_wp_page_to_static_html_and_pdf *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Export WP Page to Static HTML & PDF plugin for WordPress, versions up to and including 4.3.4. It involves sensitive information exposure through publicly accessible cookies.txt files that contain authentication cookies. An unauthenticated attacker can access these cookies, which may have been injected into the log file if the site administrator triggered a backup using a specific user role such as 'administrator'.

Impact Analysis

The vulnerability can allow unauthenticated attackers to obtain authentication cookies, potentially leading to full compromise of the affected WordPress site. This can result in unauthorized access with administrator privileges, allowing attackers to view, modify, or delete sensitive data, disrupt site operations, or perform other malicious actions.

Compliance Impact

The vulnerability exposes sensitive authentication cookies through publicly accessible cookies.txt files, which can lead to unauthorized access to protected information. Such exposure of sensitive data can result in non-compliance with data protection regulations like GDPR and HIPAA, which mandate the protection of personal and sensitive information against unauthorized access. Therefore, this vulnerability poses a significant risk to compliance with these standards by potentially allowing data breaches involving sensitive user authentication data. [2]

Detection Guidance

Detection of this vulnerability involves checking for publicly exposed cookies.txt files that contain authentication cookies related to the Export WP Page to Static HTML & PDF plugin. You can scan your web server or backup directories for such files. For example, use commands like 'find /path/to/wordpress -name cookies.txt' to locate exposed cookie files. Additionally, monitoring HTTP requests for unauthorized access attempts to these files or unusual backup triggers by administrator roles can help detect exploitation attempts. [2]

Mitigation Strategies

Immediate mitigation steps include updating the Export WP Page to Static HTML & PDF plugin to version 5.0.0 or later, which contains the security patch addressing this vulnerability. Additionally, restrict public access to cookies.txt files and backup directories to prevent unauthorized exposure of authentication cookies. Implement proper file permissions and consider disabling or securing backup triggers that can be exploited by unauthorized users. Monitoring and sanitizing inputs, as well as ensuring secure handling of cookies and HTTP requests, are also recommended. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11693. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart