CVE Alert: CVE-2025-11504 – quickcreator – Quickcreator – AI Blog Writer
CVE-2025-11504
The Quickcreator – AI Blog Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 0.0.9 to 0.1.17 through the /wp-content/plugins/quickcreator/dupasrala.txt file. This makes it possible for unauthenticated attackers to view the plugin’s API key and subsequently use that to perform actions on the site like creating new posts and injecting XSS payloads.
AI Summary Analysis
Risk verdict
High risk: unauthenticated access to the plugin’s exposed file enables theft of the API key and destructive site actions.
Why this matters
An exposed API key lets an attacker impersonate the site to create posts and inject XSS payloads, risking defacement, content manipulation, and potential user trust erosion. The combination of unauthenticated access and high-impact data exposure can also aid later-stage exploitation or data leakage if the key grants broader privileges.
Most likely attack path
- Preconditions: WordPress site with the vulnerable Quickcreator plugin (versions 0.0.9–0.1.17) installed and its dupasrala.txt file publicly accessible.
- Exploitation: Attacker reads the file to obtain the API key without authentication, then uses it to perform post creation and inject payloads.
- Potential movement: With content-level access via the API key, attackers can seed new posts or modify pages; limited lateral movement depends on the key’s scope and permissions.
Who is most exposed
Sites running WordPress with this plugin active, especially on publicly accessible hosting or poorly protected file paths, are at higher risk. Shared or misconfigured hosting with exposed plugin directories is a common exposure pattern.
Detection ideas
- Alerts on access to /wp-content/plugins/quickcreator/dupasrala.txt or similar sensitive-file paths.
- Unauthenticated POSTs or rapid mass-post creation from unusual IPs.
- Use of extracted API keys in content management actions.
- Posts containing unexpected or malformed scripts/XSS payloads.
- Sudden changes in content authored by accounts with limited privileges.
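An added example (not from the advisory) of how the first two detection ideas above can be checked against web-server access logs: it flags every request for the key file, correlates a successful read with later post-creation requests from the same IP, and detects bursts of post-creation requests. The log lines, IP addresses, the REST endpoints watched and the burst threshold are constructed assumptions, not values from the advisory.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Oct/2025:12:00:01 +0000] "GET /wp-content/plugins/quickcreator/dupasrala.txt HTTP/1.1" 200 64 "-" "curl/8.4.0"
203.0.113.10 - - [10/Oct/2025:12:00:05 +0000] "POST /wp-json/wp/v2/posts HTTP/1.1" 201 812 "-" "python-requests/2.31"
203.0.113.10 - - [10/Oct/2025:12:00:09 +0000] "POST /wp-json/wp/v2/posts HTTP/1.1" 201 790 "-" "python-requests/2.31"
203.0.113.10 - - [10/Oct/2025:12:00:14 +0000] "POST /wp-json/wp/v2/posts HTTP/1.1" 201 805 "-" "python-requests/2.31"
198.51.100.7 - - [10/Oct/2025:12:03:30 +0000] "GET /wp-content/plugins/quickcreator/dupasrala.txt?x=1 HTTP/1.1" 403 199 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Oct/2025:12:04:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')
SENSITIVE_PATH = "/wp-content/plugins/quickcreator/dupasrala.txt"
POST_ENDPOINTS = ("/wp-json/wp/v2/posts", "/xmlrpc.php")  # assumed content-creation entry points
BURST_COUNT, BURST_WINDOW_S = 3, 60  # N post-creation requests within W seconds (assumed tuning)

def parse_line(line):
    # Parse one combined-log line into a dict, or return None if it does not match.
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "method": m["method"], "status": int(m["status"]),
            "path": m["path"].split("?", 1)[0],  # drop the query string before comparing
            "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")}

def find_alerts(log_text):
    # Return a list of (alert_type, ip) tuples in the order the patterns are observed.
    alerts, key_readers, posts_by_ip = [], set(), defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["path"] == SENSITIVE_PATH:
            # Any hit on the key file is worth an alert; only a 200 means the key actually leaked.
            alerts.append(("sensitive_file_access", rec["ip"]))
            if rec["status"] == 200:
                key_readers.add(rec["ip"])
        elif rec["method"] == "POST" and rec["path"].startswith(POST_ENDPOINTS):
            posts_by_ip[rec["ip"]].append(rec["ts"])
            # Key fetched earlier from this IP and content now being created: strongest signal.
            if rec["ip"] in key_readers and ("key_read_then_post", rec["ip"]) not in alerts:
                alerts.append(("key_read_then_post", rec["ip"]))
    for ip, times in posts_by_ip.items():  # sliding window over sorted timestamps per IP
        times.sort()
        if any((times[i + BURST_COUNT - 1] - times[i]).total_seconds() <= BURST_WINDOW_S
               for i in range(len(times) - BURST_COUNT + 1)):
            alerts.append(("post_burst", ip))
    return alerts
```

The 403 response from the second IP still raises a `sensitive_file_access` alert (someone is probing for the file) but does not count as a key leak, so no correlation alert follows for it.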
Mitigation and prioritisation
- Apply the plugin patch to 0.1.17+ or upgrade to the latest release; remove or disable the vulnerable plugin if it is not required.
- Restrict public access to plugin files (server deny/htaccess) and rotate any API keys exposed by the plugin.
- Implement Web Application Firewall rules to block access to the sensitive file path and to suspicious post activity.
- Monitor for anomalous post creation and content payloads; enforce stricter content validation.
- Plan a change-management window for patch validation and site-wide backups prior to deployment.