
CVE-2025-10745: CWE-330 Use of Insufficiently Random Values in specialk Banhammer – Monitor Site Traffic, Block Bad Users and Bots

Medium
Tags: Vulnerability · CVE-2025-10745 · cve · cve-2025-10745 · cwe-330
Published: Fri Sep 26 2025 (09/26/2025, 03:25:34 UTC)
Source: CVE Database V5
Vendor/Project: specialk
Product: Banhammer – Monitor Site Traffic, Block Bad Users and Bots

Description

The Banhammer – Monitor Site Traffic, Block Bad Users and Bots plugin for WordPress is vulnerable to Blocking Bypass in all versions up to, and including, 3.4.8. This is due to a site-wide “secret key” being deterministically generated from a constant character set using md5() and base64_encode() and then stored in the `banhammer_secret_key` option. This makes it possible for unauthenticated attackers to bypass the plugin’s logging and blocking by appending a GET parameter named `banhammer-process_{SECRET}` where `{SECRET}` is the predictable value, thereby causing Banhammer to abort its protections for that request.

AI-Powered Analysis

AI analysis last updated: 09/26/2025, 04:01:13 UTC

Technical Analysis

CVE-2025-10745 is a medium-severity vulnerability affecting the WordPress plugin 'Banhammer – Monitor Site Traffic, Block Bad Users and Bots' developed by specialk. The vulnerability arises from the use of insufficiently random values in generating a site-wide secret key. Specifically, the plugin deterministically generates this secret key from a constant character set using the md5() hashing function combined with base64 encoding, and stores it in the 'banhammer_secret_key' option. Because the secret key is predictable, unauthenticated attackers can bypass the plugin's logging and blocking mechanisms by appending a GET parameter named 'banhammer-process_{SECRET}' to their requests, where {SECRET} is the predictable secret key. This causes Banhammer to abort its protections for that request, effectively allowing malicious users or bots to evade detection and blocking. The vulnerability affects all versions up to and including 3.4.8. The CVSS 3.1 base score is 5.3 (medium), with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no confidentiality impact (C:N), low integrity impact (I:L), and no availability impact (A:N). There are no known exploits in the wild at the time of publication, and no patches have been linked yet. The root cause is classified under CWE-330, which refers to the use of insufficiently random values in security-critical contexts.

Potential Impact

For European organizations using the Banhammer plugin on WordPress sites, this vulnerability undermines the effectiveness of a key security control designed to monitor and block malicious traffic, including bad users and bots. Attackers can bypass logging and blocking, potentially enabling them to conduct reconnaissance, brute force attacks, or other malicious activities without detection. This could lead to increased risk of unauthorized access attempts, data scraping, or denial of service conditions if attackers flood the site with malicious requests. While the vulnerability does not directly compromise confidentiality or availability, the integrity of the site's security posture is weakened, increasing the likelihood of further exploitation or compromise. Organizations relying on Banhammer for bot mitigation and traffic monitoring may experience reduced visibility into malicious activity, complicating incident response and threat hunting efforts. Given the widespread use of WordPress in Europe, especially among small and medium enterprises and public sector websites, the impact could be significant if exploited at scale.

Mitigation Recommendations

European organizations should immediately assess their exposure by identifying WordPress instances running the Banhammer plugin version 3.4.8 or earlier. Until an official patch is released, administrators should consider disabling the plugin or replacing it with an alternative, more secure bot management solution. If disabling is not feasible, organizations should implement additional web application firewall (WAF) rules to detect and block requests containing the 'banhammer-process_' GET parameter pattern. Monitoring web server logs for suspicious requests that include this parameter can help identify attempted bypasses. Furthermore, organizations should advocate for the plugin vendor to update the secret key generation mechanism to use cryptographically secure random functions (e.g., PHP's random_bytes) rather than md5 and base64 encoding of a constant character set. Applying the principle of least privilege to WordPress user roles and ensuring all other security best practices are in place will also help mitigate potential downstream risks. Regular security audits and penetration testing focusing on plugin vulnerabilities are recommended to detect similar issues proactively.
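As an added example (not code from the advisory or from the Banhammer plugin), the log-monitoring recommendation above can be implemented as a small scanner that flags access-log requests carrying any query parameter whose name starts with `banhammer-process_`; the log lines, IPs and the `QWJjZGVm` suffix below are constructed samples, and parameter names are percent-decoded before matching so that an encoded hyphen is not missed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in Apache/nginx "combined" format; not real traffic.
# The banhammer-process_ suffixes are placeholders, not a real secret value.
SAMPLE_LOG = """\
203.0.113.10 - - [26/Sep/2025:03:25:34 +0000] "GET /wp-login.php?banhammer-process_QWJjZGVm=1 HTTP/1.1" 200 512 "-" "curl/8.4"
203.0.113.10 - - [26/Sep/2025:03:25:35 +0000] "GET /?p=1 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.7 - - [26/Sep/2025:03:26:01 +0000] "POST /xmlrpc.php?banhammer-process_abc=x&foo=bar HTTP/1.1" 200 300 "-" "python-requests/2.32"
"""

# Captures client IP, timestamp and the request target from a combined-format line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)

# Prefix of the GET parameter the advisory describes; the plugin matches the name,
# so the value is irrelevant and a bare name without "=" must still be caught.
BYPASS_PARAM_PREFIX = "banhammer-process_"


def bypass_params(target):
    """Return the (percent-decoded) query parameter names in `target` that
    start with the bypass prefix. parse_qsl decodes %2D etc. for us."""
    query = urlsplit(target).query
    names = [name for name, _ in parse_qsl(query, keep_blank_values=True)]
    return [n for n in names if n.startswith(BYPASS_PARAM_PREFIX)]


def scan_log(text):
    """Return a list of (ip, timestamp, target, matched_params) for every
    request line that carries at least one bypass parameter."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip lines that are not request records
        params = bypass_params(m.group("target"))
        if params:
            hits.append((m.group("ip"), m.group("ts"), m.group("target"), params))
    return hits


if __name__ == "__main__":
    for ip, ts, target, params in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip} bypass attempt via {params}: {target}")
```

The same prefix match is what a WAF rule should key on; matching the full `banhammer-process_{SECRET}` name would require knowing the per-site value, while the prefix catches any attempt.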


Technical Details

Data Version
5.1
Assigner Short Name
Wordfence
Date Reserved
2025-09-19T19:27:00.940Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68d60d329e21be37e93b4706

Added to database: 9/26/2025, 3:49:06 AM

Last enriched: 9/26/2025, 4:01:13 AM

Last updated: 9/26/2025, 4:28:05 AM
