CVE-2025-11191

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions RealPress WordPress plugin versions prior to 1.1.0

Description The RealPress WordPress plugin does not properly validate permissions when registering REST routes. This allows for the creation of pages and the sending of emails on the site without authentication. The REST routes lack appropriate permission checks, enabling unauthorized actions.

Recommendations Update the RealPress WordPress plugin to version 1.1.0 or later.

Exploit

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2025-11191

Affected Products

Realpress

CVE-2025-11191

Weakness Enumeration

Related Identifiers

Affected Products

References · 6