CVE-2025-11627

MEDIUM

Site Checkup Debug AI Troubleshooting with Wizard and Tips for Each...

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-11627. PoCs published by jFriedli.

AI-analyzed exploit summary This repository contains a functional JavaScript-based proof-of-concept exploit for CVE-2025-11627, targeting a WordPress AJAX handler vulnerability. The exploit extracts a nonce from an inline script and sends a crafted request to trigger the vulnerability.

Description

The Site Checkup Debug AI Troubleshooting with Wizard and Tips for Each Issue plugin for WordPress is vulnerable to log file poisoning in all versions up to, and including, 1.47. This makes it possible for unauthenticated attackers to insert arbitrary content into log files, and potentially cause denial of service via disk space exhaustion.

Exploits (1)

nomisec WORKING POC
by jFriedli · poc
https://github.com/jFriedli/CVE-2025-11627

This repository contains a functional JavaScript-based proof-of-concept exploit for CVE-2025-11627, targeting a WordPress AJAX handler vulnerability. The exploit extracts a nonce from an inline script and sends a crafted request to trigger the vulnerability.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: WordPress (specific version not specified)
No auth needed
Prerequisites: Presence of the vulnerable WordPress plugin or theme containing the 'bill_minozzi_js_error_catched' action
devstral-2 · analyzed Apr 28, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 6.5
EPSS 0.0028
EPSS Percentile 19.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-117
Status published
Products (1)
sminozzi/Site Checkup Debug AI Troubleshooting with Wizard and Tips for Each Issue < 1.47
Published Oct 30, 2025
Tracked Since Feb 18, 2026