CVE-2025-11174 | Missing Auth in Document Library Lite

TL;DR

This vulnerability has been assigned CVE-2025-11174 and is currently pending full publication details from the National Vulnerability Database (NVD). The vulnerability was discovered and responsibly disclosed by Kai Aizen (SnailSploit).

CVE Disclosures →

Status

Description

Full technical details will be published once the vulnerability information is released by NVD and the affected software vendor has had adequate time to patch and notify users.

Timeline

Discovery: Vulnerability discovered during WordPress plugin security assessment
Disclosure: Responsibly disclosed to plugin developer
CVE Assignment: CVE-2025-11174 assigned
Status: Awaiting NVD publication

Updates

This page will be updated with complete technical details, proof of concept, and remediation guidance once the information is publicly available through NVD.

For the most current information, check the official NVD entry or contact [email protected].

References

Discovered by: Kai Aizen (SnailSploit)

CVE-2026-3288 Config Injection in ingress-nginx CVE-2026-1208 CSRF in Friendly Functions for Welcart CVE-2025-11171 Missing Auth in Chartify CVE-2025-9776 SQL Injection in CatFolders CVE-2025-12163 Stored XSS in OmniPress CVE-2025-12030 IDOR in ACF to REST API

@misc{aizen2026cve, author = {Aizen, Kai}, title = {CVE-2025-11174 | Missing Auth in Document Library Lite}, year = {2026}, url = {https://snailsploit.com/security-research/cves/cve-2025-11174/}, note = {snailsploit.com} }