PT-2025-44917 · WordPress · Ce21 Suite
Kenneth Dunn
·
Published
2025-11-04
·
Updated
2025-11-04
·
CVE-2025-11008
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
CE21 Suite plugin for WordPress versions prior to 2.3.2
Description
The CE21 Suite plugin for WordPress is susceptible to sensitive information exposure through the log file. This allows unauthenticated attackers to extract sensitive data, including authentication credentials. Successful exploitation could enable attackers to log in as other users, potentially including administrators, leading to a complete site takeover. The plugin’s custom authentication feature must have been used by the target user for successful credential extraction.
Recommendations
Update the CE21 Suite plugin to a version later than 2.3.1.
Fix
LPE
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ce21 Suite