CVE-2025-11881
AppPresser – Mobile App Framework <= 4.5.0 - Missing Authorization to Unauthenticated Limited Sensitive Information ExposureThe AppPresser – Mobile App Framework plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'myappp_verify' function in all versions up to, and including, 4.5.0. This makes it possible for unauthenticated attackers to extract sensitive data including plugin and theme names and version numbers, which can be used to facilitate targeted attacks against outdated or vulnerable components.
We have discovered 345 live websites that are affected by CVE-2025-11881.
Affected Software
| Product |  Apppresser |
| Category | Wordpress Plugins |
| Vulnerable Domains | 345 live websites (86% of Apppresser install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 28 versions ( 97% of all versions) |
Common Weakness Enumeration
CWE-862 Missing AuthorizationDetails
- Published - Oct 30, 2025
- Updated - Oct 30, 2025
Credits
- D01EXPLOIT OFFICIAL (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-11881 United States | 183 websites |
 Italy | 19 websites |
 GB | 18 websites |
 Germany | 18 websites |
 Canada | 11 websites |
 Iran | 11 websites |
 France | 7 websites |
 Russia | 6 websites |
 Netherlands | 5 websites |
 Denmark | 5 websites |
Website Distribution by TLD
Number of websites using CVE-2025-11881| .com | 163 websites |
| .org | 43 websites |
| .net | 10 websites |
| .co.uk | 9 websites |
| .it | 9 websites |
| .ca | 8 websites |
| .de | 8 websites |
| .ru | 6 websites |
| .nl | 6 websites |
| .pl | 4 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-11881
Top websites that are affected by CVE-2025-11881. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **************.com | United States | **,*** | |
| **************.com | United States | ***,*** | |
| *************.com |  South Africa | ***,*** | |
| ****.***.il |  Israel | ***,*** | |
| *******.gov | United States | ***,*** | |
| ******.com | United States | ***,*** | |
| ********.network | United States | ***,*** | |
| ******.org | United States | ***,*** | |
| *********.ca | Canada | ***,*** | |
| *************.is |  Iceland | ***,*** |
FAQ
CVE-2025-11881 is Missing Authorization in Apppresser
A total of 345 websites have been identified as vulnerable to CVE-2025-11881, based on global website indexing conducted by WebTechSurvey.
The Apppresser is affected by the CVE-2025-11881 vulnerability.
Apppresser versions up to and including 4.5 are vulnerable to CVE-2025-11881.
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/62c3f54c-6bfb-4f11-9457-a09d28f83175?source=cve
- https://plugins.trac.wordpress.org/browser/apppresser/tags/4.5.0/inc/AppPresser_WPAPI_Mods.php#L162
- https://plugins.trac.wordpress.org/browser/apppresser/tags/4.5.0/inc/AppPresser_WPAPI_Mods.php#L879
- https://plugins.trac.wordpress.org/changeset/3385855/