PT-2025-46791 · WordPress · Wp Headless Cms Framework
Published: 2025-11-13 · Updated: 2025-11-13 · CVE-2025-11260
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
WP Headless CMS Framework versions up to and including 1.15
Description
The WP Headless CMS Framework plugin for WordPress has a flaw where its protection mechanisms can be bypassed. The plugin only verifies the presence of the Authorization header to determine whether to bypass nonce protection. This allows unauthenticated attackers to access content they are not authorized to view.
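The difference between a presence-only check and a verified one, as an added illustration that is not the plugin's code. The function names, the Bearer token scheme and the token store are assumptions made for the example; requests are modelled as plain arrays so the script runs without WordPress.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for a credential store: hash of a sample token.
function known_token_hashes(): array {
    return [hash('sha256', 'constructed-sample-token')];
}

// Flawed gate: any Authorization header, whatever its value, skips the nonce check.
function skip_nonce_presence_only(array $headers): bool {
    return isset($headers['authorization']);
}

// Hardened gate: skip the nonce check only when the header carries a
// well-formed Bearer credential that verifies against the store.
function skip_nonce_verified(array $headers): bool {
    $value = $headers['authorization'] ?? '';
    if (!is_string($value)
        || !preg_match('/^Bearer\s+([A-Za-z0-9._~+\/-]+=*)$/', $value, $m)) {
        return false;
    }
    $candidate = hash('sha256', $m[1]);
    foreach (known_token_hashes() as $known) {
        if (hash_equals($known, $candidate)) { // constant-time comparison
            return true;
        }
    }
    return false;
}

// Access decision: allowed if the gate says the nonce may be skipped,
// or if the request carried a valid nonce.
function allow(array $headers, bool $nonce_valid, callable $gate): bool {
    return $gate($headers) || $nonce_valid;
}

// Constructed sample requests: [headers, whether a valid nonce was sent].
$cases = [
    'no header, no nonce'    => [[], false],
    'junk header, no nonce'  => [['authorization' => 'x'], false],
    'wrong bearer, no nonce' => [['authorization' => 'Bearer not-the-token'], false],
    'valid bearer, no nonce' => [['authorization' => 'Bearer constructed-sample-token'], false],
    'no header, valid nonce' => [[], true],
];
foreach ($cases as $label => [$headers, $nonce_valid]) {
    printf("%-24s flawed=%s hardened=%s\n", $label,
        var_export(allow($headers, $nonce_valid, 'skip_nonce_presence_only'), true),
        var_export(allow($headers, $nonce_valid, 'skip_nonce_verified'), true));
}
```

The two gates disagree only on the rows where a header is present but does not verify, which is the case the description identifies.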
Recommendations
Update WP Headless CMS Framework to a version later than 1.15.
Fix
Protection Mechanism Failure
Weakness Enumeration
Related Identifiers
Affected Products
Wp Headless Cms Framework