CVE-2025-11693
📋 TL;DR
The Export WP Page to Static HTML & PDF WordPress plugin exposes authentication cookies in publicly accessible cookies.txt files when administrators trigger backups. This allows unauthenticated attackers to steal session cookies and potentially hijack administrator accounts. All WordPress sites using this plugin up to version 4.3.4 are affected.
💻 Affected Systems
- Export WP Page to Static HTML & PDF WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain full administrative access to WordPress sites, enabling complete site takeover, data theft, malware injection, and further network compromise.
Likely Case
Attackers steal administrator session cookies and hijack WordPress admin accounts to modify content, install malicious plugins, or exfiltrate sensitive data.
If Mitigated
With proper file permissions and web server configuration, the cookies.txt file would not be publicly accessible, limiting exposure.
🎯 Exploit Status
Exploitation requires finding the exposed cookies.txt file URL, which follows predictable patterns based on backup timestamps.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.3.5
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Export WP Page to Static HTML & PDF'. 4. Click 'Update Now' if available, or manually update to version 4.3.5+. 5. Verify update completes successfully.
🔧 Temporary Workarounds
Block cookies.txt access via .htaccess
linuxPrevent web access to cookies.txt files using Apache mod_rewrite rules
<Files "cookies.txt">
Order Allow,Deny
Deny from all
</Files>
Delete existing cookies.txt files
linuxRemove any existing exposed cookies.txt files from backup directories
find /path/to/wordpress -name "cookies.txt" -type f -delete
🧯 If You Can't Patch
- Disable the Export WP Page to Static HTML & PDF plugin immediately
- Implement web application firewall rules to block access to cookies.txt files
🔍 How to Verify
Check if Vulnerable:
Check if cookies.txt files exist in WordPress backup directories and are publicly accessible via URL (e.g., https://example.com/wp-content/uploads/export-wp-page-to-static-html/backup_*/cookies.txt)Check Version:
wp plugin list --name="Export WP Page to Static HTML & PDF" --field=versionVerify Fix Applied:
Confirm plugin version is 4.3.5+ in WordPress admin panel and verify cookies.txt files are no longer publicly accessible📡 Detection & Monitoring
Log Indicators:
- HTTP 200 requests to cookies.txt files
- Unusual admin login activity following cookie exposure
Network Indicators:
- GET requests to */cookies.txt patterns
- Traffic spikes to backup directories
SIEM Query:
url="*cookies.txt" AND http_status=200