CNNVD-202510-3340 Information

Oct 25, 2025 cve

CNNVD ID

CNNVD-202510-3340

CVE-2025-11504

CNNVD Published: 2025-10-25

Description (Chinese)

WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台具有在基于PHP和MySQL的服务器上架设个人博客网站的功能。WordPress plugin是一个应用插件。 WordPress plugin Quickcreator 0.0.9版本至0.1.17版本存在日志信息泄露漏洞，该漏洞源于文件/wp-content/plugins/quickcreator/dupasrala.txt暴露敏感信息，可能导致未经验证的攻击者查看API密钥并执行创建新帖子和注入跨站脚本等操作。

Description (English)

WordPress and WordPressplugin are products of WordPress. WordPress is a blog platform developed in the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL-based servers. WordPress plugin is an application plugin. WordPress plugin Quickcreator 0.0.9 to 0.1.17 has a log information leak that originates from the exposure of sensitive information to documents/wp-content/plugins/quickcreator/dupasrala.txt, which may lead to uncertified assailants to view the API key and perform operations such as creating new posts and injecting cross-site scripts.

Hazard Level

Medium

Vulnerability Type

日志信息泄露

Affected Vendor

WordPress

Published

2025-10-25

Last Modified

2026-02-24

References

https://wordpress.org/plugins/quickcreator/ https://www.wordfence.com/threat-intel/vulnerabilities/id/561f171e-f13e-408b-a63e-bf6a512d4463?source=cve https://access.redhat.com/security/cve/cve-2025-11504

Share on: