CVE-2025-11891
📋 TL;DR
The Shelf Planner WordPress plugin exposes sensitive information through publicly accessible log files in versions up to 2.7.0. Unauthenticated attackers can view potentially sensitive data from these logs. All WordPress sites using vulnerable versions of this plugin are affected.
💻 Affected Systems
- Shelf Planner WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers obtain credentials, API keys, personal data, or other sensitive information leading to account compromise, data breaches, or further attacks.
Likely Case
Attackers harvest debugging information, user data, or configuration details that could facilitate targeted attacks or reconnaissance.
If Mitigated
Limited exposure of non-critical debugging information with minimal impact on security posture.
🎯 Exploit Status
Exploitation requires only web browser access to exposed log file URLs.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.7.1 or later
Vendor Advisory: https://wordpress.org/plugins/shelf-planner/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the Shelf Planner plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download the latest version from the WordPress plugin repository and replace the plugin files.
🔧 Temporary Workarounds
Restrict access to plugin directories
Linux: add .htaccess rules that block public access to log files in the plugin directory
# .htaccess in the plugin directory: block only *.log so the plugin's own assets still load
# (Apache 2.2 syntax; on Apache 2.4+ use "Require all denied" inside the block instead)
<FilesMatch "\.log$">
    Order deny,allow
    Deny from all
</FilesMatch>
Delete exposed log files
Linux: manually locate and delete any exposed log files in the plugin directories
# Review or archive the files first if you need to know what was exposed, then delete them:
find /path/to/wordpress/wp-content/plugins/shelf-planner -name "*.log" -type f -delete
🧯 If You Can't Patch
- Disable or remove the Shelf Planner plugin entirely
- Implement web application firewall rules to block access to plugin log file paths
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel for Shelf Planner plugin version. If version is 2.7.0 or earlier, you are vulnerable.
Check Version:
wp plugin list --name=shelf-planner --field=version
Verify Fix Applied:
After updating, verify plugin version shows 2.7.1 or later in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- HTTP 200 responses to requests for paths containing '/shelf-planner/' and ending in '.log'
- Unusual access patterns to plugin directories
Network Indicators:
- HTTP GET requests to /wp-content/plugins/shelf-planner/*.log
SIEM Query:
source="web_access_logs" AND uri_path="/wp-content/plugins/shelf-planner/*" AND uri_path="*.log"
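The same detection logic as a stand-alone script, added here as an example and not part of the advisory: it parses Combined Log Format access-log lines, keeps only requests for '.log' files under the plugin path, and separates confirmed exposures (HTTP 200) from probes. The sample lines and the log file names under the plugin directory are constructed placeholders, since the advisory does not name the real files.

```python
import re
from typing import Dict, List, Optional

# Combined Log Format as written by Apache/Nginx (sample lines below are constructed).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# The advisory's network indicator: GET /wp-content/plugins/shelf-planner/*.log.
# Any depth under the plugin directory is matched and a query string is tolerated.
LOGFILE_RE = re.compile(r'^/wp-content/plugins/shelf-planner/.*\.log(\?.*)?$', re.IGNORECASE)


def classify(line: str) -> Optional[Dict[str, str]]:
    """Return a finding for one access-log line, or None if it is not a log-file request."""
    m = LINE_RE.match(line)
    if not m or not LOGFILE_RE.match(m["path"]):
        return None
    status = m["status"]
    # 200 means the server actually handed out the log (confirmed exposure);
    # 403/404 etc. are probes against a blocked or non-existent file.
    severity = "exposed" if status == "200" else "probe"
    return {"ip": m["ip"], "ts": m["ts"], "path": m["path"],
            "status": status, "severity": severity}


def scan(lines: List[str]) -> List[Dict[str, str]]:
    """Run classify() over a whole log and keep only the hits."""
    return [f for f in map(classify, lines) if f is not None]


# Constructed sample traffic (placeholder file names; addresses from RFC 5737 test ranges).
SAMPLE = [
    '203.0.113.5 - - [10/Oct/2025:12:00:01 +0000] "GET /wp-content/plugins/shelf-planner/logs/debug.log HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2025:12:00:02 +0000] "GET /wp-content/plugins/shelf-planner/error.log HTTP/1.1" 404 210 "-" "curl/8.0"',
    '198.51.100.7 - - [10/Oct/2025:12:00:03 +0000] "GET /wp-content/plugins/shelf-planner/assets/app.js HTTP/1.1" 200 3000 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2025:12:00:04 +0000] "GET /wp-content/uploads/site.log HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2025:12:00:05 +0000] "GET /wp-content/plugins/shelf-planner/logs/debug.log?x=1 HTTP/1.1" 403 0 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(f'{hit["severity"]:8} {hit["status"]} {hit["ip"]:14} {hit["path"]}')
```

Pipe a real access log in place of SAMPLE; an "exposed" hit means the file was served and should be treated as disclosed, while a run of "probe" hits from one address is reconnaissance worth blocking at the WAF.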