Export WP Page to Static HTML & PDF

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The Export WP Page to Static HTML & PDF plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.4 through publicly exposed cookies.txt files containing authentication cookies. This makes it possible for unauthenticated attackers to cookies that may have been injected into the log file if the site administrator triggered a back-up using a specific user role like 'administrator.'

Basic Information

ID CVE-2025-11693

Source Wordfence

Published Dec 13, 2025 at 04:31

Affected Product

Vendor recorp

Product Export WP Pages to HTML & PDF – Simply Create a Static Website

Version *

Affected Versions recorp Export WP Pages to HTML & PDF – Simply Create a Static Website *

CWE Classification

CWE-200

References

{
    "lastseen": "",
    "description": "The Export WP Page to Static HTML & PDF plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.4 through publicly exposed cookies.txt files containing authentication cookies. This makes it possible for unauthenticated attackers to cookies that may have been injected into the log file if the site administrator triggered a back-up using a specific user role like 'administrator.'",
    "published": "2025-12-13T04:31:33.724Z",
    "modified": "2025-12-13T04:31:33.724Z",
    "type": "cve",
    "title": "Export WP Page to Static HTML & PDF <= 4.3.4 - Unauthenticated Cookie Exposure via Log File",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd28ac3c-aaef-49e3-843d-8532404703c9?source=cve\nhttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3388166%40export-wp-page-to-static-html&new=3388166%40export-wp-page-to-static-html&sfp_email=&sfph_mail=",
    "id": "CVE-2025-11693",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200"
    ],
    "cvelist": null,
    "sourceData": "recorp Export WP Pages to HTML & PDF \u2013 Simply Create a Static Website *",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Export WP Pages to HTML & PDF \u2013 Simply Create a Static Website",
    "version": "*",
    "vendor": "recorp",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Export WP Page to Static HTML & PDF <= 4.3.4 - Unauthenticated Cookie Exposure via Log File_CVE-2025-11693