CVE-2025-11773: CWE-862 Missing Authorization in beycanpress Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO
The Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveDeployedContract' function in all versions up to, and including, 2.4.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the WordPress option `tokenico_deployed_contracts`, poisoning the smart contract addresses displayed.
AI Analysis
Technical Summary
The vulnerability identified as CVE-2025-11773 affects the beycanpress WordPress plugin 'Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO' in all versions up to and including 2.4.6. The root cause is a missing authorization (capability) check in the 'saveDeployedContract' function, which is responsible for saving deployed smart contract addresses within the WordPress options database under the key 'tokenico_deployed_contracts'. Because of this missing check, any authenticated user with at least Subscriber-level privileges can invoke this function to overwrite the stored contract addresses. This unauthorized modification can lead to the display of malicious or incorrect smart contract addresses on the affected WordPress site. Attackers could exploit this to mislead investors or users interacting with the ICO or token launchpad, potentially redirecting funds or causing financial loss. The vulnerability does not require user interaction beyond authentication and has a CVSS 3.1 base score of 4.3, reflecting a medium severity primarily due to its limited impact on integrity and no impact on confidentiality or availability. No patches or official fixes are currently linked, and no known exploits have been reported in the wild. The vulnerability falls under CWE-862 (Missing Authorization), emphasizing the importance of proper capability checks in WordPress plugin development.
Potential Impact
The primary impact of this vulnerability is on data integrity within affected WordPress sites using the beycanpress plugin. Unauthorized users with Subscriber-level access can alter smart contract addresses, potentially redirecting users to malicious contracts or invalid addresses. This can lead to financial losses for investors or users interacting with ICOs, presales, or token launches hosted on compromised sites. The trustworthiness and reputation of organizations running these platforms can be severely damaged. Although the vulnerability does not directly compromise confidentiality or availability, the manipulation of contract addresses can facilitate fraud, phishing, or theft of cryptocurrency assets. Organizations relying on this plugin for critical token sale infrastructure are at risk of targeted attacks, especially if they do not enforce strict user role management or monitor changes to contract data. The lack of known exploits suggests limited current exploitation, but the ease of exploitation by low-privileged authenticated users raises concern for insider threats or compromised accounts.
Mitigation Recommendations
To mitigate this vulnerability, organizations should immediately restrict user roles and permissions to minimize the number of users with Subscriber-level or higher access, especially on sites handling cryptocurrency transactions. Implement strict access controls and monitor user activity for unauthorized changes to plugin settings or contract addresses. Until an official patch is released, consider disabling the vulnerable plugin or replacing it with a secure alternative. If disabling is not feasible, apply custom code to enforce capability checks on the 'saveDeployedContract' function, ensuring only trusted administrator roles can modify contract addresses. Regularly audit WordPress options related to 'tokenico_deployed_contracts' for unauthorized modifications. Employ Web Application Firewalls (WAFs) with rules to detect and block suspicious requests targeting this function. Educate site administrators about the risks of granting unnecessary privileges and encourage strong authentication mechanisms such as multi-factor authentication to reduce the risk of account compromise.
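As an interim control for the custom-code and auditing recommendations above, the following must-use plugin is an added example (not the plugin's own code, nor Wordfence's) that enforces the missing capability check at the option layer and logs every attempted change. It assumes the plugin writes `tokenico_deployed_contracts` through WordPress's `update_option()` and that legitimate edits always happen inside an administrator's request; the `manage_options` capability, the file name and the log format are choices made here, not values from the plugin.

```php
<?php
/**
 * Plugin Name: TokenICO deployed-contracts guard (added example, not plugin code)
 * Description: Interim mitigation for CVE-2025-11773. Only users holding
 *   manage_options may change the tokenico_deployed_contracts option; every
 *   blocked attempt and every permitted change is written to the PHP error log.
 * Install: copy into wp-content/mu-plugins/ so it loads before the plugin.
 * Assumption: the plugin saves the option via update_option(), so WordPress
 *   core's pre_update_option_{$option} filter sees every write.
 */

const TOKENICO_GUARDED_OPTION = 'tokenico_deployed_contracts';

/**
 * Runs before WordPress persists a new value. Returning the old value turns
 * the call into a no-op, because core skips the write when new === old.
 */
function tokenico_guard_pre_update( $value, $old_value, $option ) {
    if ( current_user_can( 'manage_options' ) ) {
        return $value; // authorised change, let it through
    }
    // Low-privilege request, or a context with no user (cron, WP-CLI):
    // refuse the write and record who tried.
    $user = wp_get_current_user();
    error_log( sprintf(
        '[tokenico-guard] BLOCKED write to %s by user #%d (%s) from %s',
        $option,
        $user->ID,
        $user->user_login ?: 'none',
        $_SERVER['REMOTE_ADDR'] ?? 'cli'
    ) );
    return $old_value;
}
add_filter( 'pre_update_option_' . TOKENICO_GUARDED_OPTION, 'tokenico_guard_pre_update', 10, 3 );

/**
 * Audit trail: fires after a permitted change is stored, so old and new
 * contract addresses can be compared during review.
 */
function tokenico_guard_log_change( $old_value, $value, $option ) {
    error_log( sprintf(
        '[tokenico-guard] CHANGED %s by user #%d: %s => %s',
        $option,
        get_current_user_id(),
        wp_json_encode( $old_value ),
        wp_json_encode( $value )
    ) );
}
add_action( 'update_option_' . TOKENICO_GUARDED_OPTION, 'tokenico_guard_log_change', 10, 3 );
```

If the plugin legitimately updates the option outside an administrator's session (for example from a scheduled task), the guard will block that path too, so check the error log for BLOCKED entries after deploying it.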
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, Singapore, South Korea, Japan, India, Brazil
Technical Details
- Data Version: 5.2
- Assigner Short Name: Wordfence
- Date Reserved: 2025-10-14T23:38:10.444Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69202359cf2d47c38997b47e
Added to database: 11/21/2025, 8:31:21 AM
Last enriched: 2/27/2026, 7:21:15 PM
Last updated: 3/24/2026, 9:50:36 AM