CVE-2025-11373 identifies a missing authorization vulnerability (CWE-862) in the 'Popup and Slider Builder by Depicter' WordPress plugin, which is widely used to create email collecting popups, coupon popups, image sliders, and carousels. The vulnerability exists in the 'depicter-media-upload' AJAX endpoint, which lacks proper capability checks, allowing authenticated users with Contributor-level permissions or higher to upload files to the server. This bypasses intended access controls, enabling arbitrary file uploads. Although the uploaded files are limited in type or size, this can still lead to integrity compromises, such as uploading malicious scripts or web shells if combined with other weaknesses. The vulnerability affects all plugin versions up to and including 4.0.4. Exploitation does not require user interaction but does require authentication with at least Contributor privileges, which are common in multi-author WordPress sites. The CVSS 3.1 score of 4.3 reflects a medium severity, with network attack vector, low attack complexity, and no user interaction needed. No public exploits have been reported yet, but the vulnerability poses a risk especially in environments with multiple contributors or less stringent user role management. The lack of patch links suggests a fix is pending or not yet released, so interim mitigations are critical. This vulnerability could be leveraged for further attacks such as privilege escalation or persistent backdoors if attackers upload executable files and find ways to execute them.

For European organizations, especially those running WordPress sites with multiple contributors or marketing teams using the affected plugin, this vulnerability can lead to unauthorized file uploads that compromise site integrity. While the immediate impact on confidentiality and availability is low, the integrity risk is significant as attackers could upload malicious files that enable further exploitation, such as remote code execution or defacement. This is particularly concerning for e-commerce, media, and public sector websites where trust and uptime are critical. The vulnerability could also facilitate lateral movement within compromised networks if attackers gain footholds via web shells. Organizations with less mature user role management or those allowing Contributor-level access broadly are at higher risk. The absence of known exploits reduces immediate urgency but does not eliminate the threat, as attackers often develop exploits rapidly once vulnerabilities are public. The medium CVSS score reflects a moderate risk that should not be ignored, especially given the widespread use of WordPress and the plugin's popularity in marketing and customer engagement.

1. Immediately review and restrict user roles on WordPress sites to ensure only trusted users have Contributor-level or higher access. 2. Implement strict file upload restrictions and scanning on the server to detect and block potentially malicious files. 3. Monitor the 'depicter-media-upload' AJAX endpoint for unusual activity or unauthorized uploads using web application firewalls or intrusion detection systems. 4. Disable or remove the vulnerable plugin if it is not essential or replace it with a secure alternative. 5. Apply principle of least privilege for all WordPress users and regularly audit user permissions. 6. Keep WordPress core and all plugins updated; apply patches from the vendor as soon as they become available. 7. Employ security plugins that can detect and prevent unauthorized file uploads or code injections. 8. Conduct regular security assessments and penetration tests focusing on file upload functionalities. 9. Educate site administrators and contributors about the risks of uploading untrusted files and the importance of secure practices. 10. If a patch is not yet available, consider implementing custom authorization checks or temporarily disabling the AJAX upload route via server configuration or plugin code modifications.