CVE-2025-13496
Unauthorized Data Modification in Moosend Landing Pages Plugin
Publication date: 2026-01-07
Last updated on: 2026-01-07
Assigner: Wordfence
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| moosend | moosend_landing_pages | up to and including 1.1.6 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability involves insecure transmission of user credentials via GET requests, which can expose sensitive data such as email and password in URLs, logs, or browser history. This exposure risks unauthorized access and potential data breaches, which could lead to non-compliance with data protection regulations like GDPR and HIPAA that require safeguarding personal and sensitive information. Therefore, this vulnerability negatively impacts compliance by increasing the risk of unauthorized data disclosure and insufficient protection of user credentials. [2, 3]
Can you explain this vulnerability to me?
CVE-2025-13496 is a vulnerability in the Moosend Landing Pages WordPress plugin where the function moosend_landings_auth_get handles user authentication by sending user credentials (email and password) via an insecure GET request to an external API. This means sensitive login information is exposed in URLs, which can be logged or intercepted. Additionally, the plugin lacks proper security measures such as nonce verification or capability checks, allowing authenticated users with Subscriber-level access or higher to delete the 'moosend_landing_api_key' option value, leading to unauthorized modification of data. [2, 3]
How can this vulnerability impact me?
This vulnerability can lead to exposure of user credentials due to insecure transmission via GET parameters, which can be logged or intercepted. Attackers with Subscriber-level access or above can delete critical API key data, potentially disrupting plugin functionality or gaining unauthorized access. The lack of proper security checks also increases the risk of Cross-Site Request Forgery (CSRF) attacks and unauthorized data modification. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring network traffic for GET requests to the external authentication API endpoint https://authentication.m-operations.com/api/user/authenticate.json containing sensitive credentials in URL parameters. You can use network capture tools like tcpdump or Wireshark to filter such requests. For example, a tcpdump command to detect these GET requests could be: `tcpdump -i any -A 'tcp port 80 or tcp port 443' | grep 'authentication.m-operations.com/api/user/authenticate.json'`. Note that this string match only works on unencrypted (port 80) traffic; on port 443 the URL and query string are inside the TLS session and are not visible in a packet capture. Additionally, inspecting WordPress logs or plugin files for the presence of the vulnerable moosend_landings_auth_get function in auth-request.php can help identify affected installations. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the Moosend Landing Pages plugin to trusted users only, especially limiting Subscriber-level access to prevent unauthorized API key deletion. Disable or remove the vulnerable plugin version (up to and including 1.1.6) until a patched version is available. Monitor and block outgoing requests to the external authentication API endpoint to prevent credential exposure. Additionally, implement network-level monitoring and alerts for suspicious GET requests containing credentials. Applying WordPress security best practices such as enforcing HTTPS, using capability checks, and adding nonce verification on forms can also help mitigate risks. [2, 3]
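To make the CWE-862 pattern from the explanation above and the capability-check and nonce-verification mitigations concrete, here is an added example that is not code from the Moosend Landing Pages plugin: the function names, AJAX action names and nonce action are hypothetical, and only the option name `moosend_landing_api_key` comes from the advisory. It places a handler that deletes the option with no checks beside a hardened form that requires POST, a valid nonce and an administrator-level capability.

```php
<?php
// Added illustration, not code from the Moosend Landing Pages plugin.
// Hook, action and function names are hypothetical; the option name is
// the one named in the advisory.

// Vulnerable pattern: every logged-in user (Subscriber and up) can reach a
// wp_ajax_* handler. Nothing here checks a nonce or a capability, so a
// plain GET, or a request triggered cross-site, deletes the stored key.
function example_vulnerable_reset_key() {
    delete_option( 'moosend_landing_api_key' );
    wp_send_json_success( 'key removed' );
}
add_action( 'wp_ajax_example_reset_key', 'example_vulnerable_reset_key' );

// Hardened pattern:
//  1. refuse anything but POST, so the action cannot be driven by a URL;
//  2. require a nonce bound to this specific action (check_ajax_referer()
//     terminates the request on a missing or invalid nonce);
//  3. require a capability only administrators hold before touching the option.
function example_hardened_reset_key() {
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
        wp_send_json_error( 'method not allowed', 405 );
    }
    check_ajax_referer( 'example_reset_key_nonce', '_wpnonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }
    delete_option( 'moosend_landing_api_key' );
    wp_send_json_success( 'key removed' );
}
add_action( 'wp_ajax_example_reset_key_hardened', 'example_hardened_reset_key' );

// The admin-side form that submits this action must embed the matching nonce
// field, otherwise the hardened handler rejects every request:
//   wp_nonce_field( 'example_reset_key_nonce', '_wpnonce' );
```

The capability check is what closes the authorization gap; the nonce alone only blocks cross-site triggering and would still let a Subscriber call the handler directly.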