CVE-2025-10694
📋 TL;DR
This vulnerability allows unauthenticated attackers to access the User Feedback plugin's onboarding wizard page in WordPress, exposing configuration information including administrator email addresses. All WordPress sites using User Feedback plugin versions 1.8.0 and earlier are affected. The issue stems from a missing capability check in the maybe_load_onboarding_wizard function.
💻 Affected Systems
- User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds WordPress plugin
⚠️ Manual Verification Required
The affected and fixed versions stated on this page (1.8.0 and earlier; fixed in 1.8.1) are taken from the advisory text, not from structured version ranges in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry carries no machine-readable version ranges (none provided by the vendor/NVD), so the check has to be done by hand:
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could harvest administrator email addresses for targeted phishing campaigns, potentially leading to full site compromise through credential theft or social engineering attacks.
Likely Case
Attackers will collect administrator email addresses to build target lists for spam, phishing, or credential stuffing attacks against WordPress administrators.
If Mitigated
With proper email security controls and administrator awareness training, the exposed email addresses pose minimal additional risk beyond normal internet exposure.
🎯 Exploit Status
The vulnerability requires no authentication and, by the advisory's description, is triggered by plain HTTP requests to the onboarding wizard endpoint; no public proof-of-concept is linked from this page. Treat any unauthenticated request that reaches the wizard page as exploitation, not as reconnaissance.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 1.8.1 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the 'User Feedback' plugin.
4. Click 'Update Now' if available, or manually update to version 1.8.1 or later.
5. Verify the plugin is active and functioning.
🔧 Temporary Workarounds
Disable vulnerable plugin
WordPress: Temporarily deactivate the User Feedback plugin until it is patched (feedback forms, surveys and polls served by the plugin stop working while it is deactivated)
wp plugin deactivate userfeedback-lite
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules that block unauthenticated requests to the onboarding wizard endpoint; confirm the exact request path and query parameter against the patched file linked in the references first, since the page identifier used in the detection section below is not confirmed by this advisory
- Monitor access logs for requests to the vulnerable plugin endpoints that do not come from a logged-in session
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for User Feedback plugin version 1.8.0 or earlier
Check Version:
wp plugin get userfeedback-lite --field=version
Verify Fix Applied:
Verify plugin version is 1.8.1 or later in WordPress admin panel
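The version check above can be scripted so it is safe to run across many sites. The following is an added example, not code from the advisory or from the plugin vendor: it reads the installed version with WP-CLI using the `userfeedback-lite` slug already used on this page, and decides whether that version is at or below 1.8.0 (the comparison handles two-part versions such as `1.8` and pre-release suffixes, which a plain string comparison gets wrong). The `--path` argument and the `wp` binary on `PATH` are assumptions about the host it runs on.

```python
"""Decide whether an installed User Feedback version is in the affected range
for CVE-2025-10694 (<= 1.8.0, fixed in 1.8.1), optionally reading the
installed version with WP-CLI.

Added example, not part of the advisory. Assumes the plugin slug
`userfeedback-lite` (as used elsewhere on this page) and a `wp` binary on
PATH when run against a live site; the comparison itself runs offline.
"""
import re
import subprocess
import sys

FIXED_VERSION = "1.8.1"


def parse_version(v):
    """Turn '1.8', '1.8.0' or 'v1.8.1-beta2' into a comparable tuple.

    Numeric components compare as integers (so 1.10 > 1.8), missing
    components are padded with 0 (so 1.8 == 1.8.0), and a pre-release
    suffix sorts *before* the same numeric release, as in SemVer.
    """
    m = re.match(r"^v?(\d+(?:\.\d+)*)(?:[-.]?([A-Za-z]+\d*))?$", v.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    nums = [int(x) for x in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))
    pre = m.group(2) or ""
    return (tuple(nums), 0 if pre else 1, pre)


def is_vulnerable(installed):
    """True when the installed version is older than the fixed release."""
    return parse_version(installed) < parse_version(FIXED_VERSION)


def installed_version(slug="userfeedback-lite", path=None):
    """Ask WP-CLI for the installed plugin version (same command as above)."""
    cmd = ["wp", "plugin", "get", slug, "--field=version"]
    if path:
        cmd.append(f"--path={path}")  # WP-CLI global flag: site root
    out = subprocess.run(cmd, capture_output=True, text=True, check=True)
    return out.stdout.strip()


def main():
    # Usage: python check_userfeedback.py [/path/to/wordpress]
    path = sys.argv[1] if len(sys.argv) > 1 else None
    ver = installed_version(path=path)
    vuln = is_vulnerable(ver)
    print(f"userfeedback-lite {ver}: {'VULNERABLE' if vuln else 'patched'} "
          f"(fix is {FIXED_VERSION} or later)")
    return 1 if vuln else 0


if __name__ == "__main__":
    sys.exit(main())
```

The script exits non-zero when the site is affected, so it can be dropped into a loop over site roots or a monitoring job without parsing its output.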
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to /wp-admin/admin.php?page=userfeedback_onboarding, or a similar onboarding wizard endpoint, answered with 200 for clients that hold no WordPress session (the exact `page` value is not confirmed by this advisory; take it from the patched file in the references)
Network Indicators:
- Unusual spikes in requests to WordPress admin paths from unauthenticated sources
SIEM Query (pseudo-query; adapt field names to your log schema):
source="wordpress_access_logs" AND (uri="/wp-admin/admin.php" AND query="page=userfeedback_onboarding") AND status=200 AND NOT authenticated_user=*
Plain web-server access logs do not record WordPress session state, so `authenticated_user` has to be derived: from the absence of a `wordpress_logged_in_*` cookie if your log format captures the Cookie header, or from the absence of an earlier successful login (POST /wp-login.php answered with 302) by the same client in the window. A 302 on the wizard page is the normal redirect to wp-login.php for an anonymous user and is not a hit; only 200 responses matter.
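The detection logic above, run over constructed log lines, as an added example that is not part of the advisory: it parses Apache/nginx "combined" format, treats a client as logged in only if it completed a login earlier in the scanned window (the cookie-based variant needs a log format that captures the Cookie header), and flags 200 responses to the wizard page from everyone else. The onboarding page identifier is matched loosely (`page` value starting with `userfeedback` and containing `onboarding`) because the exact value is an assumption, not something this advisory confirms; the IP addresses, timestamps and user agents in the sample are constructed.

```python
"""Scan web-server access logs for unauthenticated hits on the User Feedback
onboarding wizard page (CVE-2025-10694).

Added example, not part of the advisory. Assumptions not confirmed by the
advisory: the wizard is reached through /wp-admin/admin.php with a `page`
parameter starting with "userfeedback" and containing "onboarding"; logs are
in Apache/nginx "combined" format; a client counts as authenticated only if
it completed a login (POST /wp-login.php answered with 302) earlier in the
scanned window.
"""
import re
from urllib.parse import parse_qs, urlsplit

COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)

# Constructed sample log: one anonymous scanner hit (line 1), one legitimate
# admin who logged in first (lines 2-3), one anonymous request that was
# redirected to the login page (line 4), and an unrelated plugin page (line 5).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Oct/2025:10:00:01 +0000] "GET /wp-admin/admin.php?page=userfeedback_onboarding HTTP/1.1" 200 5120 "-" "python-requests/2.32.0"',
    '198.51.100.4 - - [01/Oct/2025:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [01/Oct/2025:10:01:05 +0000] "GET /wp-admin/admin.php?page=userfeedback_onboarding HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Oct/2025:10:02:00 +0000] "GET /wp-admin/admin.php?page=userfeedback_onboarding HTTP/1.1" 302 0 "-" "curl/8.0"',
    '203.0.113.7 - - [01/Oct/2025:10:02:30 +0000] "GET /wp-admin/admin.php?page=userfeedback-settings HTTP/1.1" 200 4096 "-" "python-requests/2.32.0"',
]


def parse_line(line):
    """Return a dict of fields for a combined-format line, or None if unparseable."""
    m = COMBINED_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_onboarding_request(target):
    """True when the request target is the (assumed) onboarding wizard page."""
    parts = urlsplit(target)
    if parts.path != "/wp-admin/admin.php":
        return False
    page = parse_qs(parts.query).get("page", [""])[0].lower()
    return page.startswith("userfeedback") and "onboarding" in page


def find_unauthenticated_hits(lines):
    """Return (ip, timestamp, target) for 200 responses to the wizard page
    from clients with no prior successful login in the window."""
    logged_in = set()
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path = urlsplit(rec["target"]).path
        if rec["method"] == "POST" and path == "/wp-login.php" and rec["status"] == 302:
            logged_in.add(rec["ip"])  # successful login redirects to wp-admin
            continue
        if (is_onboarding_request(rec["target"]) and rec["status"] == 200
                and rec["ip"] not in logged_in):
            hits.append((rec["ip"], rec["ts"], rec["target"]))
    return hits


if __name__ == "__main__":
    for ip, ts, target in find_unauthenticated_hits(SAMPLE_LOG):
        print(f"ALERT {ts} {ip} unauthenticated access to {target}")
```

Run it against a real log with `find_unauthenticated_hits(open(path))`; a login that happened before the start of the window will produce a false positive for that client, which is why the cookie-based check is preferable where the log format allows it.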
🔗 References
- https://plugins.trac.wordpress.org/changeset/3378233/userfeedback-lite/trunk/includes/admin/class-userfeedback-onboarding-wizard.php?old=3354862&old_path=userfeedback-lite%2Ftrunk%2Fincludes%2Fadmin%2Fclass-userfeedback-onboarding-wizard.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/9026b417-4b35-4bec-9dc6-6797661dc7a8?source=cve