Exploitation Summary
EIP tracks 1 public exploit for CVE-2025-11986. PoCs published by jFriedli.
AI-analyzed exploit summary This repository contains a functional exploit PoC for CVE-2025-11986, demonstrating an authentication bypass in a WordPress plugin via nonce extraction and manipulation of NFT-related parameters. The exploit includes both command-line and browser-based methods to verify unauthorized access to restricted content.
Description
The Crypto plugin for WordPress is vulnerable to Information exposure in all versions up to, and including, 2.22. This is due to the plugin registering an unauthenticated AJAX action (wp_ajax_nopriv_crypto_connect_ajax_process) that allows calling the register and savenft methods with only a publicly-available nonce check and no wallet signature verification. This makes it possible for unauthenticated attackers to set a site-wide global authentication state via a single transient, bypassing all access controls for ALL visitors to the site. The impact is complete bypass of [crypto-block] shortcode restrictions and page-level access controls, affecting all site visitors for one hour, plus the ability to inject arbitrary data into the plugin's custom_users table.
Exploits (1)
This repository contains a functional exploit PoC for CVE-2025-11986, demonstrating an authentication bypass in a WordPress plugin via nonce extraction and manipulation of NFT-related parameters. The exploit includes both command-line and browser-based methods to verify unauthorized access to restricted content.
References (5)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N