Medium severity5.3NVD Advisory· Published Sep 26, 2025· Updated Apr 15, 2026
CVE-2025-10745
CVE-2025-10745
Description
The Banhammer – Monitor Site Traffic, Block Bad Users and Bots plugin for WordPress is vulnerable to Blocking Bypass in all versions up to, and including, 3.4.8. This is due to a site-wide “secret key” being deterministically generated from a constant character set using md5() and base64_encode() and then stored in the banhammer_secret_key option. This makes it possible for unauthenticated attackers to bypass the plugin’s logging and blocking by appending a GET parameter named banhammer-process_{SECRET} where {SECRET} is the predictable value, thereby causing Banhammer to abort its protections for that request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
5- plugins.trac.wordpress.org/browser/banhammer/trunk/inc/banhammer-core.phpnvd
- plugins.trac.wordpress.org/browser/banhammer/trunk/inc/banhammer-functions.phpnvd
- plugins.trac.wordpress.org/changesetnvd
- plugins.trac.wordpress.org/changesetnvd
- www.wordfence.com/threat-intel/vulnerabilities/id/97c46a13-6981-426f-b24a-c9820657042fnvd
News mentions
0No linked articles in our index yet.