CVE-2025-13496
📋 TL;DR
The Moosend Landing Pages WordPress plugin up to version 1.1.6 has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher to delete the plugin's API key configuration. This could disrupt email marketing functionality and potentially lead to further attacks. All WordPress sites using vulnerable versions of this plugin are affected.
💻 Affected Systems
- Moosend Landing Pages WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could delete the API key, disrupting email marketing campaigns, then potentially use this as a foothold for privilege escalation or other attacks if combined with other vulnerabilities.
Likely Case
Malicious users or compromised accounts delete the API key, causing email marketing functionality to fail until the key is manually restored.
If Mitigated
With proper access controls and monitoring, impact is limited to temporary service disruption requiring API key reconfiguration.
🎯 Exploit Status
Exploitation requires authenticated access but is trivial once authenticated. The vulnerability is publicly documented with code references.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.1.7 or later
Vendor Advisory: https://plugins.trac.wordpress.org/browser/moosend-landing-pages
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find Moosend Landing Pages plugin. 4. Click 'Update Now' if update available. 5. Alternatively, download version 1.1.7+ from WordPress plugin repository and replace files.
🔧 Temporary Workarounds
Restrict User Registration
allTemporarily disable new user registration to prevent new attackers from obtaining Subscriber accounts.
In WordPress Settings → General, set 'Membership' to 'Anyone can register' to unchecked
Remove Plugin
allDeactivate and delete the vulnerable plugin if Moosend functionality is not critical.
WordPress admin → Plugins → Moosend Landing Pages → Deactivate → Delete
🧯 If You Can't Patch
- Restrict user accounts to trusted individuals only and monitor user activity closely.
- Implement web application firewall rules to block suspicious requests to the affected endpoint.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Moosend Landing Pages. If version is 1.1.6 or lower, you are vulnerable.Check Version:
WordPress admin panel or check wp-content/plugins/moosend-landing-pages/readme.txt file version lineVerify Fix Applied:
After updating, verify plugin version shows 1.1.7 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- WordPress audit logs showing unauthorized modifications to moosend_landing_api_key option
- User role changes or suspicious Subscriber account activity
Network Indicators:
- POST requests to /wp-admin/admin-ajax.php with action=moosend_landings_auth_get parameter
SIEM Query:
source="wordpress" AND (event="option_deleted" AND option_name="moosend_landing_api_key")🔗 References
- https://plugins.trac.wordpress.org/browser/moosend-landing-pages/tags/1.1.6/forms/auth-request.php#L7
- https://plugins.trac.wordpress.org/browser/moosend-landing-pages/trunk/forms/auth-request.php#L7
- https://www.wordfence.com/threat-intel/vulnerabilities/id/eeb4b3b1-47ae-4314-a386-832949456f81?source=cve
