CVE-2025-11771 identifies a vulnerability in the beycanpress WordPress plugin designed for managing cryptocurrency token sales, including presales, ICOs, IDOs, and airdrops. The core issue is a missing authentication and capability check in the 'createSaleRecord' function, which is responsible for recording presale transactions. Because this function lacks proper access control, any unauthenticated user can invoke it to alter presale counters arbitrarily. This unauthorized modification can distort the actual number of tokens sold or available, potentially misleading investors, disrupting fundraising efforts, and damaging the credibility of the token issuer. The vulnerability affects all versions up to and including 2.4.6 of the plugin. The CVSS 3.1 base score is 5.3 (medium severity), reflecting that the attack vector is network-based, requires no privileges or user interaction, and impacts integrity but not confidentiality or availability. No patches or official fixes have been published as of now, and no exploits have been observed in the wild. The vulnerability falls under CWE-306, which concerns missing authentication for critical functions, a common issue in web applications that can lead to unauthorized data manipulation. Given the plugin’s role in financial transactions related to cryptocurrency, the integrity impact is significant despite the medium CVSS score. Organizations relying on this plugin should be aware of the risk of presale data tampering and take immediate steps to mitigate exposure.

For European organizations, this vulnerability poses a risk primarily to the integrity of cryptocurrency fundraising activities. Manipulation of presale counters can lead to inaccurate reporting of token sales, potentially causing financial losses, regulatory scrutiny, and reputational damage. Since the plugin is used in ICOs, IDOs, and airdrops, unauthorized changes could disrupt token distribution schedules and investor trust. Although confidentiality and availability are not directly affected, the integrity compromise could indirectly impact business operations and compliance with financial regulations. European financial regulators emphasize transparency and accuracy in fundraising, so manipulated presale data could trigger audits or sanctions. Organizations operating in the cryptocurrency sector or using WordPress-based launchpads should consider this vulnerability a significant operational risk. The lack of authentication also means attackers can exploit this remotely without credentials, increasing the threat surface. The absence of known exploits provides a window for proactive mitigation, but the potential for future exploitation remains high.

1. Immediately restrict access to the vulnerable plugin’s functionality by implementing web application firewall (WAF) rules that block unauthenticated requests to the 'createSaleRecord' endpoint or related AJAX actions. 2. Disable or deactivate the beycanpress plugin if it is not essential or if presale activities are not currently active. 3. Monitor presale counters and related data for anomalies or unexpected changes, using logging and alerting mechanisms to detect unauthorized modifications. 4. Implement custom authentication and capability checks at the web server or application level as a temporary control until an official patch is released. 5. Regularly back up presale data to enable restoration in case of tampering. 6. Engage with the plugin vendor or community to obtain updates or patches as soon as they become available. 7. Educate staff responsible for managing ICOs and token sales about the vulnerability and the importance of verifying presale data integrity. 8. Consider deploying intrusion detection systems (IDS) tuned to detect unusual traffic patterns targeting the plugin’s endpoints. 9. Review and harden WordPress security configurations, including limiting plugin installation to trusted sources and minimizing plugin usage to reduce attack surface.