CVE-2025-49240

Vulnerability

The DocsPress plugin for WordPress (versions up to and including 2.5.2) contains a missing authorization vulnerability in its AJAX functions. Specifically, subscribers—a low-privileged user role—can execute AJAX requests to export documentation, a capability that should require higher privileges such as editor or administrator. The issue was addressed in version 2.5.3, which restricts these AJAX functions to authorized users only [1].

Exploitation

An attacker needs a valid WordPress subscriber account. By crafting AJAX requests to the vulnerable endpoints, the attacker can trigger the export functionality without proper authorization checks. No additional user interaction or special network position is required beyond being logged in as a subscriber [1].

Impact

Successful exploitation allows an attacker to export documentation content, potentially exposing sensitive or proprietary information that should be restricted to higher-privileged users. This constitutes an information disclosure vulnerability, compromising the confidentiality of the documentation data [1].

Mitigation

The vulnerability is fixed in DocsPress version 2.5.3, released on May 21, 2025. Users should update to this version immediately. No workarounds are available for older versions [1].