CVE-2025-11627
Published: 30 October 2025
Summary
CVE-2025-11627 is a medium-severity Improper Output Neutralization for Logs (CWE-117) vulnerability in Wordpress (inferred from references). Its CVSS base score is 6.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 40.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Other Platforms; in the Data-Related Vulnerabilities risk domain.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-36901
Vulnerability details
The Site Checkup Debug AI Troubleshooting with Wizard and Tips for Each Issue plugin for WordPress is vulnerable to log file poisoning in all versions up to, and including, 1.47. This makes it possible for unauthenticated attackers to insert arbitrary…
more
content into log files, and potentially cause denial of service via disk space exhaustion.
- CWE(s)
AI Security AnalysisAI
- AI Category
- Other Platforms
- Risk Domain
- Data-Related Vulnerabilities
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: ai
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unauthenticated attackers can exploit the public-facing WordPress plugin vulnerability (T1190) to poison log files and exhaust disk space, enabling endpoint denial of service through application exploitation (T1499.004).
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.