{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-11522", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-08T19:02:40.089Z", "datePublished": "2025-10-09T07:23:51.749Z", "dateUpdated": "2026-04-08T17:27:19.113Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:27:19.113Z"}, "affected": [{"vendor": "Elated-Themes", "product": "Search & Go - Directory WordPress Theme", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.7", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Search & Go - Directory WordPress Theme theme for WordPress is vulnerable to Authentication Bypass via account takeover in all versions up to, and including, 2.7. This is due to insufficient user validation in the search_and_go_elated_check_facebook_user() function This makes it possible for unauthenticated attackers to gain access to other user's accounts, including administrators, when Facebook login is enabled. CVE-2025-62064 is likely a duplicate of this CVE."}], "title": "Search & Go - Directory WordPress Theme <= 2.7 - Authentication Bypass to Privilege Escalation via Account Takeover", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/da590a65-8728-4577-b6e4-ecebc2a2277d?source=cve"}, {"url": "https://themeforest.net/item/search-go-modern-smart-directory-theme/15365040"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel", "cweId": "CWE-288", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Tran Nguyen Bao Khanh (from VCI - VNPT Cyber Immunity)"}], "timeline": [{"time": "2025-10-08T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-09T15:12:18.373971Z", "id": "CVE-2025-11522", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-09T15:18:44.769Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-11522", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-09T15:12:18.373971Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-09T15:17:27.526Z"}}], "cna": {"title": "Search & Go - Directory WordPress Theme <= 2.7 - Authentication Bypass to Privilege Escalation via Account Takeover", "credits": [{"lang": "en", "type": "finder", "value": "Tran Nguyen Bao Khanh (from VCI - VNPT Cyber Immunity)"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "Elated-Themes", "product": "Search & Go - Directory WordPress Theme", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "2.7"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-10-08T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/da590a65-8728-4577-b6e4-ecebc2a2277d?source=cve"}, {"url": "https://themeforest.net/item/search-go-modern-smart-directory-theme/15365040"}], "descriptions": [{"lang": "en", "value": "The Search & Go - Directory WordPress Theme theme for WordPress is vulnerable to Authentication Bypass via account takeover in all versions up to, and including, 2.7. This is due to insufficient user validation in the search_and_go_elated_check_facebook_user() function This makes it possible for unauthenticated attackers to gain access to other user's accounts, including administrators, when Facebook login is enabled."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-10-09T07:23:51.749Z"}}}, "cveMetadata": {"cveId": "CVE-2025-11522", "state": "PUBLISHED", "dateUpdated": "2025-10-09T15:18:44.769Z", "dateReserved": "2025-10-08T19:02:40.089Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-10-09T07:23:51.749Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Search & Go - Directory WordPress Theme theme for WordPress is vulnerable to Authentication Bypass via account takeover in all versions up to, and including, 2.7. This is due to insufficient user validation in the search_and_go_elated_check_facebook_user() function This makes it possible for unauthenticated attackers to gain access to other user's accounts, including administrators, when Facebook login is enabled. CVE-2025-62064 is likely a duplicate of this CVE."}], "id": "CVE-2025-11522", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-10-09T08:15:38.250", "references": [{"source": "security@wordfence.com", "url": "https://themeforest.net/item/search-go-modern-smart-directory-theme/15365040"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/da590a65-8728-4577-b6e4-ecebc2a2277d?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-288"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T02:26:51.970430+00:00", "value": {"mitigation_remediation": ["Update the Search & Go theme to the latest version that removes the incomplete Facebook user validation.", "If immediate theme upgrade is not possible, disable the Facebook login feature to remove the attack vector.", "Monitor site logs for unusual authentication patterns and consider deploying a web application firewall rule that blocks suspicious requests targeting the Facebook login endpoint."], "summary": {"action": "Patch immediately", "impact": "Account takeover with potential privilege escalation"}, "threat_synthesis": {"affected_systems": "WordPress sites using the Elated-Themes Search & Go - Directory WordPress Theme version 2.7 or earlier are affected. The vulnerability is present in all releases of the theme up to and including 2.7.", "description_and_impact": "The theme contains a flaw in the function that validates Facebook users, allowing attackers to bypass authentication. An unauthenticated actor can log in as any user, including administrators, therefore gaining full control of the site. The weakness directly violates authentication control and can lead to unauthorized data access, deletion, or site takeover.", "risk_and_exploitability": "The CVSS score of 9.8 marks this issue as critical. The EPSS score of < 1% indicates that exploitation is currently considered rare, yet the vulnerability can be exploited remotely by simply sending a crafted request when Facebook login is enabled. The vulnerability is not listed in CISA\u2019s KEV catalog, but its high severity and authentication bypass make it a high\u2011risk target if the theme is in use."}}}}, "created": "2025-10-09T12:51:12.806676+00:00", "updated": "2026-04-21T02:30:25.834379+00:00", "vendors": ["elated-themes", "elated-themes$PRODUCT$search_and_go_directory", "wordpress", "wordpress$PRODUCT$wordpress"]}