Quickcreator – AI Blog Writer 0.0.9 – 0.1.17

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

The Quickcreator – AI Blog Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 0.0.9 to 0.1.17 through the /wp-content/plugins/quickcreator/dupasrala.txt file. This makes it possible for unauthenticated attackers to view the plugin's API key and subsequently use that to perform actions on the site like creating new posts and injecting XSS payloads.

Basic Information

ID CVE-2025-11504

Source Wordfence

Published Oct 24, 2025 at 08:23

Affected Product

Vendor quickcreator

Product Quickcreator – AI Blog Writer

Version 0.0.9

Affected Versions quickcreator Quickcreator – AI Blog Writer 0.0.9

CWE Classification

CWE-532

References

{
    "lastseen": "",
    "description": "The Quickcreator \u2013 AI Blog Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 0.0.9 to 0.1.17 through the /wp-content/plugins/quickcreator/dupasrala.txt file. This makes it possible for unauthenticated attackers to view the plugin's API key and subsequently use that to perform actions on the site like creating new posts and injecting XSS payloads.",
    "published": "2025-10-24T08:23:59.230Z",
    "modified": "2025-10-24T08:23:59.230Z",
    "type": "cve",
    "title": "Quickcreator \u2013 AI Blog Writer 0.0.9 - 0.1.17 - Unauthenticated API Key Exposure",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/561f171e-f13e-408b-a63e-bf6a512d4463?source=cve\nhttps://wordpress.org/plugins/quickcreator/",
    "id": "CVE-2025-11504",
    "bulletinFamily": "",
    "cwe": [
        "CWE-532"
    ],
    "cvelist": null,
    "sourceData": "quickcreator Quickcreator \u2013 AI Blog Writer 0.0.9",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Quickcreator \u2013 AI Blog Writer",
    "version": "0.0.9",
    "vendor": "quickcreator",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Quickcreator – AI Blog Writer 0.0.9 – 0.1.17 – Unauthenticated API Key Exposure_CVE-2025-11504