Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
The Liaison Site Prober plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 1.2.1 via the /wp-json/site-prober/v1/logs REST API endpoint. The permissions_read() permission callback unconditionally returns true (via __return_true()) instead of checking for appropriate capabilities. This makes it possible for unauthenticated attackers to retrieve sensitive audit log data including IP addresses, user IDs, usernames, login/logout events, failed login attempts, and detailed activity descriptions.
AnalysisAI
Liaison Site Prober plugin for WordPress allows unauthenticated attackers to retrieve sensitive audit log data including IP addresses, user IDs, usernames, and login events through an improperly secured REST API endpoint (/wp-json/site-prober/v1/logs) in all versions up to 1.2.1. The vulnerability stems from a permission callback that unconditionally returns true without validating user capabilities, enabling information disclosure with network-level access and no authentication required. No public exploit code or active exploitation has been identified at time of analysis.
Technical ContextAI
The Liaison Site Prober WordPress plugin exposes a REST API endpoint at /wp-json/site-prober/v1/logs that provides access to audit logging data. The vulnerability is rooted in CWE-862 (Missing Authorization), specifically in the permissions_read() callback function defined in class-liaison-rest-controller.php. Instead of implementing capability checks using WordPress's standard has_cap() or current_user_can() functions, the callback uses PHP's __return_true() helper function, which bypasses all permission validation. This allows any HTTP request to the endpoint-whether authenticated or not-to retrieve the full audit log. The affected product is identified by CPE cpe:2.3:a:liaison:liaison_site_prober:*:*:*:*:*:*:*:*, indicating all versions are in scope; however, versions up to and including 1.2.1 are explicitly documented as vulnerable.
RemediationAI
Update the Liaison Site Prober plugin to a patched version released after 1.2.1 as soon as available from the WordPress plugin repository or the vendor's website. Pending availability of a patched version, apply the following compensating controls: disable the /wp-json/site-prober/v1/logs REST API endpoint by adding a filter to the WordPress functions.php file or using a code snippets plugin, or implement Web Application Firewall (WAF) rules to block requests to /wp-json/site-prober endpoints from unauthenticated sources, noting this may break legitimate API consumers and requires testing in a staging environment first. Additionally, restrict REST API access to authenticated users only via WordPress security plugins (e.g., Wordfence, Sucuri) or disable the JSON REST API entirely if not required by other plugins. The source code repository (https://plugins.trac.wordpress.org/browser/liaison-site-prober/) shows the fix should involve replacing __return_true() with a proper capability check such as current_user_can('manage_options') in the permissions_read() callback. Monitor the plugin's update status at https://plugins.wordpress.org/plugins/liaison-site-prober/ for an official patch release.
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail comman
The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1
The Hash Form - Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing fil
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all
The Simple File List plugin for WordPress through version 4.2.2 contains an unauthenticated remote code execution vulner
The AI Engine WordPress plugin through version 3.1.3 exposes Bearer Token values through the /mcp/v1/ REST API endpoint
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via
The Business Directory Plugin - Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based
SQL injection in the NotificationX WordPress plugin (versions up to and including 2.8.2) allows unauthenticated remote a
The POST SMTP Mailer - Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress i
The MasterStudy LMS WordPress Plugin - for Online Courses and Education plugin for WordPress is vulnerable to union base
The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ‘cnt’ and 'sid' paramete
Same weakness CWE-862 – Missing Authorization
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25406
GHSA-x2pj-x7hv-qm35