CVE-2025-11008
CE21 Suite <= 2.3.1 - Unauthenticated Sensitive Information Exposure to Privilege EscalationThe CE21 Suite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.1 via the log file. This makes it possible for unauthenticated attackers to extract sensitive data including authentication credentials, which can be used to log in as other users as long as they have used the plugin's custom authentication feature before. This may include administrators, which makes a complete site takeover possible.
We have discovered 35 live websites that are affected by CVE-2025-11008.
Affected Software
| Product |  Ce21 Suite |
| Category | Wordpress Plugins |
| Vulnerable Domains | 35 live websites (100% of Ce21 Suite install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 1 versions ( 100% of all versions) |
Common Weakness Enumeration
CWE-532 Insertion of Sensitive Information into Log FileDetails
- Published - Nov 4, 2025
- Updated - Nov 4, 2025
Credits
- Kenneth Dunn (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-11008 United States | 35 websites |
Website Distribution by TLD
Number of websites using CVE-2025-11008| .org | 23 websites |
| .com | 11 websites |
| .info | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-11008
Top websites that are affected by CVE-2025-11008. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **********.org | United States | ***,*** | |
| ********.org | United States | ***,*** | |
| ****.org | United States | ***,*** | |
| *************.org | United States | ***,*** | |
| ****.info | United States | ***,*** | |
| *******.org | United States | ***,*** | |
| ********************.org | United States | ***,*** | |
| *******.com | United States | *,***,*** | |
| *******.org | United States | *,***,*** | |
| *********.org | United States | *,***,*** |
FAQ
CVE-2025-11008 is Insertion of Sensitive Information into Log File in Ce21 Suite
A total of 35 websites have been identified as vulnerable to CVE-2025-11008, based on global website indexing conducted by WebTechSurvey.
The Ce21 Suite is affected by the CVE-2025-11008 vulnerability.
Ce21 Suite versions up to and including 2.3.1 are vulnerable to CVE-2025-11008.