The RealPress WordPress plugin before 1.1.0 registers its REST routes without proper permission checks, allowing unauthenticated requests to create pages and send emails from the site. Versions 1.1.0 and later are listed as unaffected.
State: PUBLISHED · CVE record format version: 5.2
RealPress < 1.1.0 - Unauthenticated Content Creation/Email Sending via REST
Problem type
- CWE-862 Missing Authorization
Affected products
Vendor: Unknown
Product: RealPress
Versions: < 1.1.0 - AFFECTED
References
GitHub Security Advisories
GHSA-7gxx-5pqg-v8f2
The RealPress WordPress plugin before 1.1.0 registers the REST routes without proper permission...
https://github.com/advisories/GHSA-7gxx-5pqg-v8f2
The RealPress WordPress plugin before 1.1.0 registers the REST routes without proper permission checks, allowing the creation of pages and sending of emails from the site.
JSON source
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2025-11191",
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"dateUpdated": "2025-10-31T14:03:01.749Z",
"dateReserved": "2025-09-30T12:38:44.699Z",
"datePublished": "2025-10-31T06:00:03.402Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan",
"dateUpdated": "2025-10-31T06:00:03.402Z"
},
"title": "RealPress < 1.1.0 - Unauthenticated Content Creation/Email Sending via REST",
"descriptions": [
{
"lang": "en",
"value": "The RealPress WordPress plugin before 1.1.0 registers the REST routes without proper permission checks, allowing the creation of pages and sending of emails from the site."
}
],
"affected": [
{
"vendor": "Unknown",
"product": "RealPress",
"defaultStatus": "unaffected",
"versions": [
{
"version": "0",
"status": "affected",
"versionType": "semver",
"lessThan": "1.1.0"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-862 Missing Authorization",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/74f19ff2-d5c0-4bd4-83f2-688ea37022b1/",
"tags": [
"exploit",
"vdb-entry",
"technical-description"
]
}
],
"credits": [
{
"lang": "en",
"value": "Khaled Alenazi (Nxploited)",
"type": "finder"
},
{
"lang": "en",
"value": "WPScan",
"type": "coordinator"
}
]
},
"adp": [
{
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2025-10-31T14:03:01.749Z"
},
"title": "CISA ADP Vulnrichment",
"metrics": [
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
},
{}
]
}
]
}
}