Description
The ERI File Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'erifl_file' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to download files restricted to specific user roles.
Published: 2025-10-31
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Apply Patch
AI Analysis

Impact

The ERI File Library plugin for WordPress contains a missing capability check on its 'erifl_file' AJAX endpoint, which allows an unauthenticated attacker to retrieve files that are normally restricted to certain user roles. This omission is a classic example of CWE-862: Missing Authorization, leading to potential compromise of confidential data on the web server.

Affected Systems

This flaw affects the WordPress plugin ERI File Library version 1.1.0 and all earlier releases, distributed by the vendor apos37 and listed in the WordPress plugin repository. WordPress sites that have the vulnerable plugin installed and whose admin-ajax.php endpoint is reachable from the internet are at risk.

Risk and Exploitability

The CVSS score of 5.3 signals moderate severity, with the impact limited to confidentiality. The EPSS score is less than 1%, indicating a low but nonzero probability of exploitation. The vulnerability is not listed in the CISA KEV catalog, suggesting no confirmed exploitation in the wild. Attackers can remotely probe the site by sending HTTP requests to wp-admin/admin-ajax.php with the action=erifl_file parameter; no authentication is required, making the exploit trivially usable against any publicly accessible WordPress instance running the plugin.

Generated by OpenCVE AI on April 27, 2026 at 23:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the ERI File Library plugin to the latest released version. Fixed releases add the previously missing authorization check, which prevents unauthenticated file downloads.
  • If an immediate upgrade is not feasible, disable the 'erifl_file' AJAX action by removing its action hook, or disable the plugin entirely, to prevent unauthenticated file downloads.
  • After remediation, validate that users lacking the required capabilities cannot trigger the action: attempt a test download as an unauthenticated and as a low-privileged user, and monitor access logs for unauthorized attempts.
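To make the missing check concrete, the following is an added illustration (hypothetical code, not the ERI File Library's source) of the CWE-862 pattern on a WordPress admin-ajax action next to a hardened handler. The 'erifl_file' action name comes from this advisory; the handler names, the `file_id` parameter, the `_erifl_path` and `_erifl_allowed_roles` meta keys, the `erifl_file` post type and the nonce action are assumptions.

```php
<?php
// Added illustration of the CWE-862 pattern on a WordPress admin-ajax action.
// Hypothetical code, not the ERI File Library's source; names are assumptions.
// --- Weak pattern: the nopriv hook exposes the handler to anonymous visitors,
// and the handler serves the file without asking who is requesting it.
add_action( 'wp_ajax_erifl_file',        'weak_erifl_file' );
add_action( 'wp_ajax_nopriv_erifl_file', 'weak_erifl_file' );
function weak_erifl_file() {
    $file_id = absint( $_GET['file_id'] ?? 0 );                // assumed parameter
    $path    = get_post_meta( $file_id, '_erifl_path', true ); // assumed meta key
    if ( $path && is_file( $path ) ) {
        header( 'Content-Type: application/octet-stream' );
        readfile( $path );                                     // no role check at all
    }
    wp_die();
}

// --- Hardened pattern: logged-in hook only, nonce check, then the per-file
// role restriction is enforced before a single byte is sent.
add_action( 'wp_ajax_erifl_file', 'hardened_erifl_file' );
function hardened_erifl_file() {
    check_ajax_referer( 'erifl_file_nonce', 'nonce' );         // assumed nonce action
    $file_id = absint( $_GET['file_id'] ?? 0 );
    if ( ! $file_id || 'erifl_file' !== get_post_type( $file_id ) ) { // assumed post type
        wp_send_json_error( 'invalid file', 400 );
    }

    // Roles permitted for this file, stored per file (assumed meta key).
    $allowed   = (array) get_post_meta( $file_id, '_erifl_allowed_roles', true );
    $roles     = (array) wp_get_current_user()->roles;
    $permitted = current_user_can( 'manage_options' )
        || ( $allowed && array_intersect( $allowed, $roles ) );
    if ( ! $permitted ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Resolve the stored path and refuse anything outside the uploads directory.
    $base = wp_normalize_path( wp_upload_dir()['basedir'] );
    $path = (string) get_post_meta( $file_id, '_erifl_path', true );
    $real = $path ? realpath( $path ) : false;
    if ( ! $real || ! is_file( $real ) || 0 !== strpos( wp_normalize_path( $real ), $base . '/' ) ) {
        wp_send_json_error( 'not found', 404 );
    }

    nocache_headers();
    header( 'Content-Type: application/octet-stream' );
    header( 'Content-Disposition: attachment; filename="' . basename( $real ) . '"' );
    readfile( $real );
    wp_die();
}
```

Not registering the `wp_ajax_nopriv_` hook is what keeps anonymous requests out; the capability/role check is what keeps logged-in users of the wrong role out, and the advisory's bug class needs both.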

Advisories

No advisories yet.

History

Mon, 03 Nov 2025 10:45:00 +0000

  Type                  Values Removed   Values Added
  First Time appeared                    Apos37; Apos37 eri File Library; Wordpress; Wordpress wordpress
  Vendors & Products                     Apos37; Apos37 eri File Library; Wordpress; Wordpress wordpress

Fri, 31 Oct 2025 19:15:00 +0000

  Type      Values Removed   Values Added
  Metrics                    ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 31 Oct 2025 09:45:00 +0000

  Type          Values Removed   Values Added
  Description                    The ERI File Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'erifl_file' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to download files restricted to specific user roles.
  Title                          ERI File Library <= 1.1.0 - Missing Authorization to Unauthenticated Protected File Download
  Weaknesses                     CWE-862
  References
  Metrics                        cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:37:15.628Z

Reserved: 2025-10-21T18:43:27.936Z

Link: CVE-2025-12041

Vulnrichment

Updated: 2025-10-31T18:43:10.499Z

NVD

Status: Deferred

Published: 2025-10-31T10:15:42.997

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-12041

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-27T23:45:15Z

Weaknesses