CVE-2025-11627 MEDIUM

CVE-2025-11627: Site Checkup AI Troubleshooting with Wizard and Tips for Each Issue <= 1.47 - Unauthenticated Log File Poisoning

Vendor Sminozzi
Product Site Checkup Debug AI Troubleshooting with Wizard and Tips for Each Issue
Weakness CWE-117
Published October 30, 2025
Last update April 8, 2026

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

The Site Checkup Debug AI Troubleshooting with Wizard and Tips for Each Issue plugin for WordPress is vulnerable to log file poisoning in all versions up to, and including, 1.47. This makes it possible for unauthenticated attackers to insert arbitrary content into log files, and potentially cause denial of service via disk space exhaustion.

Explanation of Vulnerability in Simple Terms

02Summary

Site Checkup Debug AI Troubleshooting with Wizard and Tips for Each Issue versions 1.47 and earlier contain an improper input validation flaw that allows unauthenticated attackers to modify data or degrade service availability. The vulnerability requires no user interaction and can be exploited over the network. Site administrators should update to a version newer than 1.47 as soon as a patch becomes available.

What an attacker can do

03Attacker Capabilities

Modify site data or cause the site to become unavailable without authentication.

Potential impact on your site

04Site Impact

Attackers can alter site content or disrupt service availability without needing a user account.

Conditions required to exploit

05Prerequisites

Network access only; no authentication or user interaction required.

Key dates

06Disclosure timeline

October 30, 2025 CVE published
April 8, 2026 Record updated