CVE-2025-11174

Sažetak

The Document Library Lite plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 1.1.6. This is due to the plugin exposing an unauthenticated AJAX action dll_load_posts which returns a JSON table of document data without performing nonce or capability checks. The handler accepts an attacker-controlled args array where the status option explicitly allows draft, pending, future, and any. This makes it possible for unauthenticated attackers to retrieve unpublished document titles and content via the AJAX endpoint.

Reference

https://plugins.trac.wordpress.org/browser/document-library-lite/tags/1.1.5/src/Simple_Document_Library.php#L492
https://plugins.trac.wordpress.org/browser/document-library-lite/tags/1.1.5/src/Table/Ajax_Handler.php#L23
https://plugins.trac.wordpress.org/browser/document-library-lite/tags/1.1.5/src/Table/Ajax_Handler.php#L32
https://plugins.trac.wordpress.org/changeset/3385033/document-library-lite/trunk/src/Table/Ajax_Handler.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/2b73d48a-1f10-4e47-a18f-82a3103b72bd?source=cve

CVSS

Base:	5.3
Impact:	1.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Zadnje važnije ažuriranje

01-11-2025 - 02:15

Objavljeno

01-11-2025 - 02:15