{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-10745", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-09-19T19:27:00.940Z", "datePublished": "2025-09-26T03:25:34.436Z", "dateUpdated": "2026-04-08T17:10:32.674Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:10:32.674Z"}, "affected": [{"vendor": "specialk", "product": "Banhammer \u2013 Monitor Site Traffic, Block Bad Users and Bots", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.4.8", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Banhammer \u2013 Monitor Site Traffic, Block Bad Users and Bots plugin for WordPress is vulnerable to Blocking Bypass in all versions up to, and including, 3.4.8. This is due to a site-wide \u201csecret key\u201d being deterministically generated from a constant character set using md5() and base64_encode() and then stored in the `banhammer_secret_key` option. This makes it possible for unauthenticated attackers to bypass the plugin\u2019s logging and blocking by appending a GET parameter named `banhammer-process_{SECRET}` where `{SECRET}` is the predictable value, thereby causing Banhammer to abort its protections for that request."}], "title": "Banhammer \u2013 Monitor Site Traffic, Block Bad Users and Bots <= 3.4.8 - Unauthenticated Protection Mechanism Bypass", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/97c46a13-6981-426f-b24a-c9820657042f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/banhammer/trunk/inc/banhammer-functions.php#L336"}, {"url": "https://plugins.trac.wordpress.org/browser/banhammer/trunk/inc/banhammer-core.php#L101"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3365979%40banhammer&new=3365979%40banhammer&sfp_email=&sfph_mail="}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3365087%40banhammer&new=3365087%40banhammer&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-330 Use of Insufficiently Random Values", "cweId": "CWE-330", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Jonas Benjamin Friedli"}], "timeline": [{"time": "2025-09-19T20:59:34.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-09-25T14:27:24.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-26T19:32:14.193040Z", "id": "CVE-2025-10745", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-26T19:32:24.596Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-10745", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-26T19:32:14.193040Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-26T19:32:20.289Z"}}], "cna": {"title": "Banhammer \u2013 Monitor Site Traffic, Block Bad Users and Bots <= 3.4.8 - Unauthenticated Protection Mechanism Bypass", "credits": [{"lang": "en", "type": "finder", "value": "Jonas Benjamin Friedli"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "specialk", "product": "Banhammer \u2013 Monitor Site Traffic, Block Bad Users and Bots", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "3.4.8"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-09-19T20:59:34.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-09-25T14:27:24.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/97c46a13-6981-426f-b24a-c9820657042f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/banhammer/trunk/inc/banhammer-functions.php#L336"}, {"url": "https://plugins.trac.wordpress.org/browser/banhammer/trunk/inc/banhammer-core.php#L101"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3365979%40banhammer&new=3365979%40banhammer&sfp_email=&sfph_mail="}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3365087%40banhammer&new=3365087%40banhammer&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The Banhammer \u2013 Monitor Site Traffic, Block Bad Users and Bots plugin for WordPress is vulnerable to Blocking Bypass in all versions up to, and including, 3.4.8. This is due to a site-wide \u201csecret key\u201d being deterministically generated from a constant character set using md5() and base64_encode() and then stored in the `banhammer_secret_key` option. This makes it possible for unauthenticated attackers to bypass the plugin\u2019s logging and blocking by appending a GET parameter named `banhammer-process_{SECRET}` where `{SECRET}` is the predictable value, thereby causing Banhammer to abort its protections for that request."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-330", "description": "CWE-330 Use of Insufficiently Random Values"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-09-26T03:25:34.436Z"}}}, "cveMetadata": {"cveId": "CVE-2025-10745", "state": "PUBLISHED", "dateUpdated": "2025-09-26T19:32:24.596Z", "dateReserved": "2025-09-19T19:27:00.940Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-09-26T03:25:34.436Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Banhammer \u2013 Monitor Site Traffic, Block Bad Users and Bots plugin for WordPress is vulnerable to Blocking Bypass in all versions up to, and including, 3.4.8. This is due to a site-wide \u201csecret key\u201d being deterministically generated from a constant character set using md5() and base64_encode() and then stored in the `banhammer_secret_key` option. This makes it possible for unauthenticated attackers to bypass the plugin\u2019s logging and blocking by appending a GET parameter named `banhammer-process_{SECRET}` where `{SECRET}` is the predictable value, thereby causing Banhammer to abort its protections for that request."}], "id": "CVE-2025-10745", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-09-26T04:15:55.837", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/banhammer/trunk/inc/banhammer-core.php#L101"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/banhammer/trunk/inc/banhammer-functions.php#L336"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3365087%40banhammer&new=3365087%40banhammer&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3365979%40banhammer&new=3365979%40banhammer&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/97c46a13-6981-426f-b24a-c9820657042f?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-330"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T13:19:44.977372+00:00", "value": {"mitigation_remediation": ["Upgrade the Banhammer plugin to the latest available version, which removes reliance on a deterministic secret key.", "If an update is unavailable, temporarily disable the Banhammer plugin or remove it from the site to prevent the bypass.", "Verify that site access is protected by additional security measures such as a Web\u2011Application Firewall or rate\u2011limiting to mitigate potential abuse of the bypass."], "summary": {"action": "Apply Patch", "impact": "Unauthorized bypass of Banhammer protection"}, "threat_synthesis": {"affected_systems": "WordPress sites running the Banhammer \u2013 Monitor Site Traffic, Block Bad Users and Bots plugin from specialk, versions 3.4.8 and earlier.", "description_and_impact": "The Banhammer plugin stores a site\u2011wide secret key that is deterministically derived from a constant character set using md5() and base64_encode(). Because the key is predictable, unauthenticated users can append a GET parameter named banhammer-process_{SECRET} to any URL to cause Banhammer to abort its logging and blocking for that request. This allows attackers to avoid being logged or blocked by the plugin, effectively disabling its protection controls. The weakness is identified as CWE\u2011330, a use of insufficiently random values.", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate severity, and the EPSS score is under 1%, suggesting a low but non\u2011zero likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Attackers can exploit the flaw remotely without authentication by crafting a GET request that contains the predictable secret key; no elevated privileges or compromise of the WordPress core is required."}}}}, "created": "2025-09-26T11:35:19.904163+00:00", "updated": "2026-04-22T13:30:17.920374+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}