Security: SnailSploit/CVE-2025-11174

SECURITY.md

Security Policy

Responsible Disclosure

This repository contains security research and proof-of-concept code for CVE-2025-11174. The vulnerability has been responsibly disclosed and a patch is available.

Ethical Use Guidelines

✅ Authorized Use

This PoC should ONLY be used for:

  • Security research on systems you own
  • Authorized penetration testing with written permission
  • Educational purposes in controlled environments
  • Validating patches on your own WordPress installations

❌ Unauthorized Use

DO NOT use this PoC for:

  • Testing systems without explicit authorization
  • Malicious purposes or unauthorized access
  • Causing damage or disruption to services
  • Any illegal activities

Legal Notice

IMPORTANT: Unauthorized access to computer systems is illegal under various laws including:

  • Computer Fraud and Abuse Act (CFAA) - United States
  • Computer Misuse Act - United Kingdom
  • Similar legislation in other jurisdictions

Users of this code are solely responsible for ensuring they have proper authorization before testing any systems.

Reporting Security Issues

If you discover a security vulnerability in this code or related to this CVE:

  1. Do NOT open a public GitHub issue
  2. Email the maintainers privately at: [your-email@example.com]
  3. Include:
    • Detailed description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Suggested fixes (if any)

We are committed to working with security researchers to verify and address any issues responsibly.

Vulnerability Disclosure Timeline

  • November 1, 2025 - CVE-2025-11174 publicly disclosed
  • November 2025 - Vendor released patch (version 1.1.7)
  • November 2, 2025 - This repository published

Affected Software

  • Plugin: Document Library Lite for WordPress
  • Vendor: Barn2 Plugins
  • Affected Versions: ≤ 1.1.6
  • Fixed Version: 1.1.7+

Mitigation

Site administrators should:

  1. Update to Document Library Lite version 1.1.7 or later immediately
  2. Review access logs for potential exploitation
  3. Consider implementing Web Application Firewall (WAF) rules

Security Best Practices

When using this PoC:

  1. Always obtain written authorization
  2. Test in isolated/controlled environments when possible
  3. Document all testing activities
  4. Report findings to system owners
  5. Never retain unauthorized data
  6. Follow coordinated disclosure practices

Acknowledgments

We thank:

  • Barn2 Plugins for their prompt response and patch
  • The WordPress security community
  • Responsible security researchers

Contact

For questions about this security research:

  • GitHub Issues: For general questions about the PoC (not vulnerabilities)
  • Email: [your-email@example.com] (for security concerns)

Remember: With great power comes great responsibility. Use security research tools ethically and legally.