PT-2025-42308 · WordPress · Wordpress External Login

Published: 2025-10-15 · Updated: 2025-10-15 · CVE-2025-11196

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

WordPress External Login plugin versions through 1.11.2

Description

The External Login plugin for WordPress has a flaw that could expose sensitive information. The 'exlog test connection' AJAX action does not properly verify user permissions or require security checks, allowing authenticated attackers with subscriber-level access or higher to access the configured external database. This access can reveal truncated usernames, email addresses, and password hashes through the diagnostic test results view.

Recommendations

Update the WordPress External Login plugin to a version newer than 1.11.2.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2025-11196

Affected Products

Wordpress External Login