PT-2025-44916 · WordPress · Ce21 Suite

Kenneth Dunn · Published 2025-11-04 · Updated 2025-11-04 · CVE-2025-11007

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CE21 Suite versions 2.2.1 through 2.3.1

Description

The CE21 Suite plugin for WordPress is affected by an issue allowing unauthorized updates to plugin settings. A missing capability check on the wp_ajax_nopriv_ce21_single_sign_on_save_api_settings AJAX action allows unauthenticated attackers to modify the plugin's API settings, including a secret key used for authentication. Successful exploitation enables attackers to create new administrator accounts on a vulnerable site.

Recommendations

Update CE21 Suite to a version later than 2.3.1.

Fix · LPE · Missing Authentication

Weakness Enumeration

Related Identifiers: CVE-2025-11007

Affected Products: Ce21 Suite