CVE-2025-11174

MEDIUM

Document Library Lite <1.1.6 - Auth Bypass

Title source: llm

Description

The Document Library Lite plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 1.1.6. This is due to the plugin exposing an unauthenticated AJAX action dll_load_posts which returns a JSON table of document data without performing nonce or capability checks. The handler accepts an attacker-controlled args array where the status option explicitly allows draft, pending, future, and any. This makes it possible for unauthenticated attackers to retrieve unpublished document titles and content via the AJAX endpoint.

Exploits (1)

github WORKING POC

by SnailSploit · pythonpoc

https://github.com/SnailSploit/CVE-2025-11174

View Code ZIP pw:eip

References (5)

[Product] https://plugins.trac.wordpress.org/browser/document-library-lite/tags/1.1.5/src/Simple_Document_Library.php#L492

[Product] https://plugins.trac.wordpress.org/browser/document-library-lite/tags/1.1.5/src/Table/Ajax_Handler.php#L23

[Product] https://plugins.trac.wordpress.org/browser/document-library-lite/tags/1.1.5/src/Table/Ajax_Handler.php#L32

[Product] https://plugins.trac.wordpress.org/changeset/3385033/document-library-lite/trunk/src/Table/Ajax_Handler.php

[Third Party Advisory] https://www.wordfence.com/threat-intel/vulnerabilities/id/2b73d48a-1f10-4e47-a18f-82a3103b72bd?source=cve

Scores

CVSS v3 5.3

EPSS 0.0009

EPSS Percentile 25.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-285

Status published

Products (1)

barn2media/Document Library Lite < 1.1.6

Published Nov 01, 2025

Tracked Since Feb 18, 2026