CVE-2025-11008
Published: 04 November 2025
Description
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Security Summary
CVE-2025-11008 is a sensitive information exposure vulnerability (CWE-532) in the CE21 Suite plugin for WordPress, affecting all versions up to and including 2.3.1. The flaw stems from the plugin's log file, which improperly stores and exposes sensitive data such as authentication credentials.
Unauthenticated attackers can exploit this vulnerability remotely with low complexity, as reflected in its CVSS v3.1 score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). By accessing the log file, they can extract the credentials of other users who have previously used the plugin's custom authentication feature. This lets attackers log in as those users, potentially including administrators, resulting in full site takeover.
Mitigation details are available in advisories from Wordfence (https://www.wordfence.com/threat-intel/vulnerabilities/id/91aa86d9-8e42-4deb-b6ca-c3b388fefcb1?source=cve) and the plugin's WordPress page (https://wordpress.org/plugins/ce21-suite/).
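The underlying defect class (CWE-532) is fixed by never letting credentials reach the log in the first place. The following is an added illustration, not code from CE21 Suite or its advisories: a small PHP log writer that redacts credential-like fields before appending a line; the field names, event name and log path are assumptions for illustration.

```php
<?php
// Added example (not CE21 Suite code): a log writer that strips credential
// fields before anything is written to disk, the control that prevents CWE-532.
// Key names and the log location below are assumptions for illustration.

const SENSITIVE_KEYS = ['password', 'pass', 'pwd', 'token', 'secret', 'api_key', 'authorization'];

/**
 * Recursively replace the values of credential-like keys with a marker,
 * so nested request payloads are covered as well as flat ones.
 */
function redact_sensitive(array $data): array
{
    foreach ($data as $key => $value) {
        if (is_array($value)) {
            $data[$key] = redact_sensitive($value);
        } elseif (in_array(strtolower((string) $key), SENSITIVE_KEYS, true)) {
            $data[$key] = '[REDACTED]';
        }
    }
    return $data;
}

/**
 * Append one JSON log line. Every context array passes through
 * redact_sensitive() first, so a login payload is never logged verbatim.
 */
function write_log_line(string $event, array $context, string $logPath): void
{
    $entry = [
        'ts'      => gmdate('c'),
        'event'   => $event,
        'context' => redact_sensitive($context),
    ];
    file_put_contents($logPath, json_encode($entry) . PHP_EOL, FILE_APPEND | LOCK_EX);
}

// Constructed sample: the kind of request body a custom login handler receives.
$request = ['username' => 'alice', 'password' => 'hunter2', 'remember' => true];

// Keep the log outside the web root (or deny web access to it at the server);
// sys_get_temp_dir() stands in for such a location here.
$logPath = sys_get_temp_dir() . '/plugin-auth.log';
write_log_line('custom_auth_attempt', $request, $logPath);

echo file_get_contents($logPath);
```

Redaction at the writer is a second line of defence; the log file itself must still be stored or protected so that it cannot be fetched over HTTP.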
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows unauthenticated remote access to a log file exposing authentication credentials (T1552.001) via exploitation of a public-facing WordPress plugin (T1190).